7 matches found
UBUNTU-CVE-2026-0968
A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...
CVE-2025-68275 ChurchCRM vulnerable to Stored XSS - Group name > Person Listing
ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a stored cross-site scripting vulnerability on the pages View Active People, View Inactive people, and View All People. Version 6.5.3 fixes the issue...
CVE-2024-54155
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication...
DEBIAN-CVE-2018-12365
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...
DEBIAN-CVE-2018-13033
The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted ELF file, as demonstrated by bfdelfparseattributes in elf-attrs.c and bfdmalloc in libbfd.c...
Phone Drive v3.0.3 iOS - Multiple Critical Vulnerabilities
Document Title: =============== Phone Drive v3.0.3 iOS - Multiple Critical Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1037 Release Date: ============= 2013-07-30 Vulnerability Laboratory ID VL-ID: ====================================...
nCircle patches PureCloud vulnerability scanner on Vulnerability-Lab report
The Vulnerability-Laboratory Research Team discovered persistent and client side POST Injection web vulnerability in the nCircle PureCloud cloud-based Vulnerability Scanner Application. The vulnerability allows an attacker to inject own malicious script code in the vulnerable module on applicatio...