322 matches found
CVE-2018-2639
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
FoxSash ImgHosting Search Engine Cross-Site Scripting Vulnerability
FoxSash ImgHosting is a set of scripts for online image hosting. search engine is one of the search engines. A cross-site scripting vulnerability exists in the search engine in FoxSash ImgHosting version 1.5. A remote attacker can exploit this vulnerability by sending the 'search' parameter to th...
CVE-2017-1002006
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
GLPI front/devicesoundcard.php file SQL injection vulnerability
GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. An SQL injection vulnerability exists in the front/devicesoundcard.php...
PHP 'main/php_ini.c' Denial of Service Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A denial of service vulnerability exists in PHP version 7.1.5. An attacker can exploit the vulnerability to corrupt the affected application,...
PT-2017-4084 · Pivotal +1 · Rabbitmq +1
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.4.x through 3.5.x RabbitMQ versions 3.6.x prior to 3.6.9 RabbitMQ for PCF versions 1.5.x RabbitMQ for PCF versions 1.6.x prior to 1.6.18 RabbitMQ for PCF versions 1.7.x prior to 1.7.15 Description: The issue is related to...
ALPINE-CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could result in an invalid pointer...
Think Mutual Bank Mobile Banking app SSL Certificate Validation Vulnerability
Think Mutual Bank mobile banking app for iOS is a mobile banking app for iOS from Think Mutual Bank that provides quick access to manage customer accounts, manage balances, pay bills, send money, deposit checks, set up text alerts, find branch and ATM locations and more. A security vulnerability...
UBUNTU-CVE-2017-3590
Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to...
OpenJPEG Remote Heap Buffer Overflow Vulnerability
OpenJPEG is a C-based open source JPEG 2000 codec . A remote heap buffer overflow vulnerability exists in OpenJPEG versions 1.3 and 1.5.1. An attacker could exploit this vulnerability to execute arbitrary code in the context of a user-run application, which could also result in a denial of servic...
EMC RSA BSAFE Micro Edition Suite TLS Man-in-the-Middle Attack Vulnerability
EMC RSA BSAFE Micro Edition Suite MES is an encryption toolkit from EMC Corporation. The toolkit helps developers achieve stable and secure application design.TLS Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating...
PYSEC-2016-4
The Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack MMA...
CVE-2016-0684
Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS...
Unspecified Vulnerability in Pivotal Software Spring Framework Java SockJS Client
Pivotal Software Spring Framework is the U.S. Pivotal Software, Inc. of a set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in the Java SockJS client in Pivotal Software Spring Framework version...
acroread: multiple code execution flaws (APSB13-02)
Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors...
BELL-CVE-2012-0815 CVE-2012-0815 does not affect BellSoft software
Bulletin has no description...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
CVE-2006-6248
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
Eraser advisory :)
Advisory by Eraser 5 / Продукт: Aquonics File Manager 1.5 advisory 5 Уязвимость: 1.Обратный путь в директориях 2.Повышение прав доступа Разработчик программы: www.aquonics.com Опасность: высокая Дата: 19.07.02 / --Описание-- Aquonics File Manager 1.5 - расширенный файл мэнеджер. Через первую...