33 matches found
CVE-2024-22203
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...
The vulnerability of the validateAMCWSConnection method in the Avalanche mobile device management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the validateAMCWSConnection method in the Avalanche mobile device management system is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the utils.exec build method of the Nginx Proxy Manager web proxy server allows a hacker to execute arbitrary commands on the server.
The vulnerability of the utils.exec build method of the Nginx Proxy Manager proxy server exists because measures to eliminate special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the server...
PT-2021-20794 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a...
Privilege Escalation
HAProxy is vulnerable to privilege escalation. The vulnerability exists due to a flaw in HTTP method name that when it contains a space followed by the name of a protected resource, it is possible that a server would interpret this as a request for that protected resource, such as in the "GET...
USN-4754-3 python2.7, python3.7, python3.8 vulnerabilities
USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of Python 2.7 for 20.04, these additional fixes are included: It was dicovered that Python allowed remote attackers to cause a denial of service resource...
Cross-site Scripting (XSS)
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Cross-site Scripting XSS. It's possible to inject JavaScript code via the html method. PoC var doc = new jsPDF; window.html2canvas = html2canvas; let html = a ; doc.htmlhtml, callback:...
UBUNTU-CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...
VulnCheck KEV: CVE-2013-5758
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
Apache denial of service vulnerability
Apache Commons Compress is an American Apache Apache Software Foundation library for processing compressed files. A denial of service vulnerability exists in Apache Commons Compress versions 1.7 through 1.17, which stems from a failure of the read method of ZipArchiveInputStream to return the...
Rising AntiVirus Online Scanner - Insecure Method Flaw
Rising AntiVirus Online Scanner - Insecure Method Flaw Rising Online Scanner Insecure Method Vulnerability function test rav.BaseURL = "http://jsmith080220.googlepages.com/"; rav.Encardid = "0000$0000$0000"; rav.UpdateEngine; wait for a few seconds after clicking the button milw0rm.com 2008-02-25...
Rising Antivirus Online Scanner Insecure Method Flaw Exploit
Exploit for unknown platform in category remote exploits ============================================================ Rising Antivirus Online Scanner Insecure Method Flaw Exploit ============================================================ Rising Online Scanner Insecure Method Vulnerability...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...