429 matches found
kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS
A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware mwifiex could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. A patch ha...
CVE-2020-6848
Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI...
Apache Solr Remote Code Execution via Velocity Template
This module exploits a vulnerability in Apache Solr <= 8.3.0 which allows remote code execution via a custom Velocity template. Currently, this module only supports Sol...
CVE-2019-16764
The use of String.to_atom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user-provided params, and String.to_atom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...
iSmartViewPro 1.3.34 - Denial of Service (PoC)
Exploit Title: iSmartViewPro 1.3.34 - Denial of Service PoC; Discovery by: Ivan Marmolejo; Discovery Date: 2019-11-16; Vendor Homepage: http://www.smarteyegroup.com/; Software Link: https://apps.apple.com/mx/app/ismartviewpro/id834791071; Tested Version:...
Linux kernel integer overflow vulnerability (CNVD-2019-25055)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An integer overflow vulnerability exists in the 'setup_format_params' function in the drivers/block/floppy.c file in Linux kernel versions prior to 5.2.3. The...
CVE-2019-14284
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format...
Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters
This tool can be used to brute discover GET and POST parameters. Often when you are busting a directory for common files, you can identify scripts (for example, test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them. The -off flag allows you to specify...
Cross site scripting
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter...
CVE-2019-9595
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter...
kernel: MIDI driver race condition leads to a double-free
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this f...
rubygem-sinatra: XSS in the 400 Bad Request page
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used...
Google Android Buffer Overflow Vulnerability (CNVD-2019-27579)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). A buffer overflow vulnerability exists in the 'impd_parametric_drc_parse_gain_set_params' function of the impd_drc_static_payload.c file in Android version 9, which stems from a lack of...
RubyGems: 65534 times efficient, Brute-force attack for api_key
I have found that type checking for api_key is insufficient in rubygems.org's source code. https://github.com/rubygems/rubygems.org/blob/master/app/controllers/application_controller.rb#L63 def authenticate_with_api_key api_key = request.headers["Authorization"] || params[:api_key] @api_user =...
Unspecified Vulnerability in Artifex Ghostscript LockSafetyParams
Artifex Ghostscript is an open source Postscript (a page description language and programming language used in the electronics industry and desktop publishing) parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...
UBUNTU-CVE-2018-19409
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used...
UBUNTU-CVE-2018-19214
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input...