549 matches found
Samsung Tizen č¾å „éŖčÆéčÆÆę¼ę“
Samsung Tizen is an open-source Linux-based mobile operating system from Samsung, South Korea, for smartphones, tablets, smartwatches, netbooks, in-vehicle messaging and entertainment devices, and smart TVs. Samsung Tizen suffers from a code injection vulnerability that stems from an input...
OSV-2021-900 Negative-size-param in WebPRescalerInit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35583 Crash type: Negative-size-param Crash state: WebPRescalerInit AllocateAndInitRescaler VP8LDecodeImage...
OSV-2021-849 Negative-size-param in mrb_str_format
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35109 Crash type: Negative-size-param Crash state: mrbstrformat mrbfsprintf mrbvmexec...
in squell/id3
āļø Description Archive.org is a worthy cause to support. š During testing of id3 compiled from commit a899ea with Clang 13+ASan on Ubuntu 20.04.2, we discovered a payload which triggers a negative-size-param: size=-4 error when calling memcpy. This particular bug was discovered with the AFL fuzzer...
Unspecified vulnerability in GNU LibreDWG memcpy-param-overlap
LibreDWG is a free C library for reading and writing DWG files. The read2004sectionheader in GNU LibreDWG version 0.10 ... /... /src/decode.c:2580 contains a security vulnerability in memcpy-param-overlap. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2020-21844
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code remote. The component is: read2004sectionheader ../../src/decode.c:2580...
CVE-2020-21844
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code remote. The component is: read2004sectionheader ../../src/decode.c:2580...
Code injection
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code remote. The component is: read2004sectionheader ../../src/decode.c:2580...
CVE-2020-21844
CVE-2020-21844 affects GNU LibreDWG 0.10. The vulnerability is in memcpy-param-overlap in the read_2004_section_header function (../../src/decode.c:2580), exposing remote code execution. The connected records confirm the affected component and exact location, but do not provide further exploit sp...
CVE-2020-21844
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code remote. The component is: read2004sectionheader ../../src/decode.c:2580...
Cross site scripting
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....
OSV-2021-766 Negative-size-param in frame_get_vlmetalayers
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34259 Crash type: Negative-size-param Crash state: framegetvlmetalayers frametoschunk blosc2schunkfrombuffer...
Command injection in bestzip
The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param...
CVE-2021-24239
The Pie Register ā User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaioncode GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue...
CITSmart ITSM 9.1.2.27 - (query) Time-based Blind SQL Injection (Authenticated) Vulnerability
Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection Authenticated Google Dork: "citsmart.local" Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.28 Vendor has...
U.S. Dept Of Defense: DOM Based XSS on https://āāāā via backURL param
Description: The following endpoint suffers from DOM Based XSS https://āāāāāāāā/āāāāāā=javascript:alertdocument.domain The āāāāāāāā param determines the content which will be displayed on the "Back to Search Result" button, eventually leading to RXSS. References āāāāāā Regards nagli Impact...
Health Center Patient Record Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Health Center Patient Record Management System | 'address' param Stored Cross Site Scripting Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11058/health-center-patient-record-management-system.html Software Link:...
NewStart CGSL MAIN 6.02 : libtiff Vulnerability (NS-SA-2021-0058)
The remote NewStart CGSL host, running version MAIN 6.02, has libtiff packages installed that are affected by a vulnerability: - tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow...
OSV-2021-366 Negative-size-param in frame_get_metalayers
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30748 Crash type: Negative-size-param Crash state: framegetmetalayers frametoschunk blosc2schunkfrombuffer...
OSV-2021-274 Memcpy-param-overlap in frame_get_metalayers
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30253 Crash type: Memcpy-param-overlap Crash state: framegetmetalayers blosc2frametoschunk fuzzdecompressframe.c...