172 matches found
The vulnerability of the Taserver web service on the TeNIX operating system for programmable logic controllers MFC1500 and MFC3000 allows a perpetrator to execute arbitrary code.
The vulnerability of the TAserver web service for the TeNIX programmable logic controllers MFC1500 and MFC3000 lies in the lack of name filtering when generating a 404 HTTP error page. As a result, the name of the non-existent web page is passed unchanged to the generated error page. Exploiting...
Dnsmasq Security Bypass Vulnerability
Dnsmasq is an open-source, lightweight DNS forwarder and DHCP/TFTP server written in C by software developer Simon Kelley. A security bypass vulnerability exists in the DNSSEC implementation in Dnsmasq 2.78 and earlier versions. An attacker could exploit this...
Cacti Access Restriction Bypass Vulnerability
Cacti is a set of open-source network traffic monitoring and analysis tools from the Cacti team. The tool collects data through snmpget, draws graphs with RRDtool for analysis, and provides data and user management features. A security vulnerability exists in the authlogin.php file in versio...
CVE-2012-4377
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
U.S. Dept Of Defense: Illegal account registration in ████████
Summary: Can create an account of nonexistent person John Doe in ████. Description: Input the following values on the Create Account Step1 page. Last Name: Doe Date of Birth: JAN 1 2017 Social Security Number: 123-45-6789 Request Step1: POST /cc/accountcreation/step1submit HTTP/1.1 Host: ████████...
The vulnerability of the PowerDNS Recursor software allows a malicious actor to compromise the integrity and accessibility of protected information.
The software PowerDNS Recursor is vulnerable due to the rewriting of cached server names and TTL values in NS records when processing “A” record queries. Exploiting this vulnerability allows a malicious actor to extend the validity of revoked domain names by using non-existent domain names...
Vulnerabilities in the Debian GNU/Linux and Ubuntu operating systems and in office software packages such as LibreOffice and Apache OpenOffice allow attackers to trigger service failures or execute arbitrary code.
The vulnerability in the Debian GNU/Linux and Ubuntu operating systems and the office software packages LibreOffice and Apache OpenOffice is due to a buffer overflow. Exploiting this vulnerability allows an attacker to cause service failures or execute arbitrary code by accessing a nonexisten...
Design/Logic Flaw
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names...
CVE-2014-3711
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5754, CVE-2014-5755, CVE-2014-8538. Reason: This candidate is a duplicate of CVE-2014-5754, CVE-2014-5755, and CVE-2014-8538. Further investigation showed that an applicable library product did not exist. Notes: All CVE users...
samba: pam_winbind fails open when non-existent group specified to require_membership_of
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
CVE-2013-0157
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages dependin...
Dropbear SSH server timing attacks
Different timings for existent and nonexistent users...
Mandriva Update for bind MDVSA-2011:176-2 (bind)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2009-4975
Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536...
CVE-2009-4976
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536...
CVE-2010-2536
Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and t...