
4570 matches found

Positive Technologies
added 2018/12/19 12:0 a.m. · 3 views

PT-2022-5597 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC affected versions not specified Description: The issue is related to the function svg parse preserveaspectratio of the SVG Parser component in the GPAC multimedia platform. It is caused by incorrect clearing or freeing of resources,...

CVSS 9.8 · AI score 7.2 · EPSS 0.0481
Exploits 150 · References 379
Positive Technologies
added 2018/10/31 12:0 a.m. · 7 views

PT-2019-5708 · Python +8 · Python +8

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16 Python versions 3.x before 3.4.10 Python versions 3.5.x before 3.5.7 Python versions 3.6.x before 3.6.9 Python versions 3.7.x before 3.7.3 Description: The issue is related to the incorrect domain validation...

CVSS 10 · AI score 6.7 · EPSS 0.95707
Exploits 118 · References 967
OSV
added 2018/09/18 1:49 p.m. · 1 views

GHSA-HXHM-3VJ9-6CQH apk-parser2 downloads Resources over HTTP

Affected versions of apk-parser2 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 8.1 · AI score 6.3 · EPSS 0.01752
Exploits 0 · References 3
Positive Technologies
added 2018/09/10 12:0 a.m. · 4 views

PT-2018-16290 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub version 0.20.17 Description: A buffer overflow issue exists in the /cameras/XXXX/clips handler of the video-core's HTTP server. The video-core process incorrectly handles user-controlled JSON payloads, leading to a...

CVSS 9.9 · AI score 9.4 · EPSS 0.01534
Exploits 2 · References 3
OSV
added 2018/08/17 8:20 p.m. · 0 views

GHSA-VCFP-PPQW-MF23 fis-sass-all downloads Resources over HTTP

Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 8.1 · AI score 6.3 · EPSS 0.02104
Exploits 0 · References 4
Packet Storm
added 2018/08/06 12:0 a.m. · 44 views

OCS Inventory NG Webconsole Shell Upload

Title Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5 Reserved CVE CVE-2018-14857 Vulnerability Overview OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions...

AI score 8.8 · EPSS 0.0369
Exploits 2
OSV
added 2018/07/24 7:46 p.m. · 1 views

GHSA-PMG9-P9R2-6Q87 ReDoS via long UserAgent header in ua-parser

Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...

CVSS 7.5 · AI score 5.9 · EPSS 0.09242
Exploits 2 · References 3
OSV
added 2018/07/23 8:49 p.m. · 18 views

GHSA-3VG2-4QXC-CH4J Directory Traversal in unicorn-list

Affected versions of unicorn-list resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Examp...

CVSS 7.5 · AI score 7.4 · EPSS 0.02005
Exploits 1 · References 4
0day.today
added 2018/06/25 12:0 a.m. · 63 views

WordPress iThemes Security Plugin < 7.0.3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin iThemes Securitybetter-wp-security = 7.0.2 - Authenticated SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com/ Vendor Homepage: https://ithemes.com/ Software Link:...

AI score 0.2 · EPSS 0.30118
Exploits 4
OSV
added 2018/06/05 1:29 p.m. · 6 views

CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...

CVSS 7.5 · AI score 7.5 · EPSS 0.03592
Exploits 0 · References 21
exploitpack
added 2018/05/16 12:0 a.m. · 16 views

MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery

MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Exploit Title: MyBB Admin Notes Plugin - CSRF Date: 2018-05-14 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1...

AI score 0.6
Exploits 0
Positive Technologies
added 2018/05/14 12:0 a.m. · 4 views

PT-2018-5361 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing a specially crafted HTTP POST to cause a privilege escalation, resulting in a root shell. An attacker can inject O...

CVSS 9 · AI score 8.8 · EPSS 0.04328
Exploits 4 · References 3
Positive Technologies
added 2018/04/26 12:0 a.m. · 6 views

PT-2018-16245 · Hyland · Hyland Perceptive Document Filters

Name of the Vulnerable Software and Affected Versions: Hyland Perceptive Document Filters version 11.4.0.2647 Description: A stack-based buffer overflow exists in the DOC-to-HTML conversion functionality. This issue can be exploited by a crafted .doc document, leading to a stack-based buffer...

CVSS 8.8 · AI score 8.7 · EPSS 0.0283
Exploits 1 · References 3
Positive Technologies
added 2018/04/24 12:0 a.m. · 2 views

PT-2018-3113 · Blender +1 · Blender +1

Name of the Vulnerable Software and Affected Versions: Blender version 2.78c Description: An integer overflow exists in the way Blender draws a Particle object, which can be exploited by a specially crafted .blend file to cause a buffer overflow, potentially allowing for code execution under the...

CVSS 10 · AI score 8.7 · EPSS 0.0265
Exploits 21 · References 86
Positive Technologies
added 2018/04/18 12:0 a.m. · 3 views

PT-2018-1300 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: Multiple vulnerabilities in the Application Layer Protocol Inspection...

CVSS 8.6 · AI score 8.7 · EPSS 0.0386
Exploits 0 · References 8
exploitpack
added 2018/01/10 12:0 a.m. · 12 views

WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation

WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/...

AI score 0.2
Exploits 0
OpenVAS
added 2017/12/26 12:0 a.m. · 18 views

RPi Cam Control < 6.4.34 Multiple Vulnerabilities - Active Check

RPi Cam Control is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rpi:camcontrol";...

AI score 7.3
Exploits 0 · References 1
Openbugbounty
added 2017/10/18 8:40 p.m. · 12 views

lindenvalley.de Improper Access Control vulnerability

Vulnerable URL: https://www.lindenvalley.de/.git/config Details: Description| Value ---|--- Patched:| No Latest check for patch:| 17.01.2018 Vulnerability type:| Improper Access Control Vulnerability status:| Publicly disclosed Alexa Rank| 3132691 VIP website status:| No Coordinated Disclosure...

AI score 6.9
Exploits 0
Openbugbounty
added 2017/10/11 3:21 p.m. · 14 views

reg.kost.ru Open Redirect vulnerability

Vulnerable URL: http://reg.kost.ru/cgi-bin/go?https://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...

AI score 6.9
Exploits 0
Openbugbounty
added 2017/10/01 4:0 p.m. · 10 views

tembeleza.com.br Open Redirect vulnerability

Vulnerable URL: http://tembeleza.com.br/loja/redirect.php?action=url=www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.12.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...

AI score 6.9
Exploits 0