XML Parser Denial of Service Vulnerability in Various Huawei Products
Huawei S12700 and other models are enterprise switch products from the Chinese company Huawei. XML parser is one of the XML parsers. A denial of service vulnerability exists in the XML parser in several Huawei products, which stems from the program's lack of validation of XML files. An attacker could cause a...
Denial Of Service (DoS) Via Missing Validation
ImageMagick is vulnerable to denial of service (DoS). The vulnerability is possible because coders/mat.c is missing validation, leading to an assertion failure in the DestroyImage function in MagickCore/image.c,...
DEBIAN-CVE-2017-12670
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service...
CVE-2017-12670
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service...
UBUNTU-CVE-2017-12670
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service...
Joomla! cross-site scripting vulnerability (CNVD-2017-22326)
Joomla! CMS is an open source content management system (CMS) developed by the U.S. team Open Source Matters. The system provides RSS feeds, site search and other functions. A cross-site scripting vulnerability exists in Joomla! CMS versions 1.7.3 to 3.7.2, which stems from a lack of cross-site...
Input validation
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...
CVE-2017-6511
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...
Unauthorized Access Vulnerability in Deephaven Jet Mixcall Customer Service System
Ltd. is a company that focuses on the research, development, manufacturing and sales of call centers and converged communication products. Mixcall is one of the company's customer service systems. An unauthorized access vulnerability exists in the SZHJ Mixcall customer service system. Due to a la...
OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
Design/Logic Flaw
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
CVE-2010-3573
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...
kernel: ext4: ext4_fill_super() missing validation issue
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4...
CVE-2008-5396
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZTSPANCONFIG...
Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability
Advisory 1 "Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability" $ Author : Morgan ARMAND $ Contact : armandm at epitech dot net $ Vendor URL : http://www.dotclear.net $ Vendor Contacted : 07/04/2008 $ Vendor Status : No response $ Affected Software : Dotclear = 1.2.7.1 $ Severity :...
CVE-2007-5082
Multiple stack-based buffer overflows in Computer Associates CA BrightStor Hierarchical Storage Manager HSM before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter...
FreeBSD : Macromedia flash player -- swf file handling arbitrary code (aed343b4-5480-11da-b579-001125afbed7)
A Secunia Advisory reports: A vulnerability has been reported in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used ...