9 matches found
EUVD-2019-9530
Malware in sbrugna...
CVE-2019-19942
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 ADB before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests...
Cloudflare Public Bug Bounty: HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
The Edge Rules engine used by Cloudflare Transform Rules features string modifying functions like lower and concat, which accepted hexadecimal-encoded characters such as ā\x0a\x0dā. This allowed for manipulation of request headers e.g. injecting an additional header and, as a consequence, made HT...
CVE-2019-19942
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 ADB before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests...
CVE-2019-19942
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 ADB before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests...
Design/Logic Flaw
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 ADB before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests...
CVE-2019-19942
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 ADB before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests...
SUSE-SU-2019:0499-1 Security update for ceph
This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store bsc1111177 - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts bsc1114710 - CVE-2018-16889: rgw: sanitize customer encryption keys from...
MyCrypto: DOM Based XSS in mycrypto.com
Description & PoC The "connected successfully" message is printed out without any output sanitation: F271357 This is how it's being printedthis code snippet is taken from mycrypto-master.js, line 4072: F271359 An attacker can simply put his payload at the link and it'll be embedded within the pag...