Tenable SecurityCenter 5.13.0 - 5.17.0 Remote Code Execution (TNS-2021-03)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is in the 5.13.0 through 5.17.0 version range. Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated,...

OESA-2021-1022 nasm security update

NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools in RDOFF binary format, includes linker, library manager, loader, and information dump.\r\n\r\n Securi...

Ucopia Express License Issues Vulnerability

Ucopia Express is a device used to manage Wifi used by the French company Ucopia. A security vulnerability exists in Ucopia Express 6.0.5 that allows the use of chroothole client PHP calls to execute arbitrary code with root privileges...

PHP interpreter suffers from an out-of-bounds read vulnerability (CNVD-2020-69476)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

PHP interpreter has an out-of-bounds read vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

PHP interpreter suffers from an out-of-bounds read vulnerability (CNVD-2020-69474)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

Command execution vulnerability exists in MyuCMS (CNVD-2020-67557)

MyuCMS front-end is built with UIkit framework, back-end is built with layui back-end framework and back-end is developed with PHP+MYSQL. MyuCMS has a command execution vulnerability that can be exploited by attackers to gain server control privileges...

SQL Injection Vulnerability in PHP Version of Nettie CMS

OTCMS Nettie CMS is an article-based web content management system CMS. A SQL injection vulnerability exists in the PHP version of OTCMS, which can be exploited by attackers to obtain sensitive information from the database...

UBUNTU-CVE-2020-24978

In NASM 2.15.04rc3, there is a double-free vulnerability in pptokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7...

UBUNTU-CVE-2020-24242

In Netwide Assembler NASM 2.15rc10, SEGV can be triggered in toktext in asm/preproc.c by accessing READ memory...

OSV-2020-1583 Segv on unknown address in clang::Preprocessor::LexHeaderName

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24668 Crash type: Segv on unknown address Crash state: clang::Preprocessor::LexHeaderName clang::Preprocessor::HandleIncludeDirective clang::Preprocessor::HandleDirective...

llvm:clang-objc-fuzzer: Segv on unknown address in clang::Preprocessor::LexHeaderName

Detailed Report: https://oss-fuzz.com/testcase?key=4823847375994880 Project: llvm Fuzzing Engine: libFuzzer Fuzz Target: clang-objc-fuzzer Job Type: libfuzzermsanllvm Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: clang::Preprocessor::LexHeaderName...

PT-2020-5676 · Netwide Assembler +1 · Nasm +1

Name of the Vulnerable Software and Affected Versions: NASM version 2.15.04rc3 Description: The issue is related to a double-free vulnerability in the pp tokline function of the asm/preproc.c file in the NASM assembler for x86 architecture. This vulnerability can be exploited by a remote attacker...

OSV-2020-1479 Segv on unknown address in clang::Preprocessor::AnnotatePreviousCachedTokens

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19064 Crash type: Segv on unknown address Crash state: clang::Preprocessor::AnnotatePreviousCachedTokens clang::Parser::TryAnnotateTypeOrScopeTokenAfterScopeSpec clang::Parser::TryAnnotateTypeOrScopeToken...

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit targets the "PHPVALUE" directive in the php.ini file, which...

Command execution vulnerability in SongCMS PHP version (CNVD-2020-38508)

SongCMS PHP Edition is an open source CMS based on PHP+MySQL. SongCMS PHP Edition suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...

MayiCMS has a flawed logic vulnerability

MayiCMS is a php mysql based website builder. MayiCMS suffers from a logic flaw vulnerability that can be exploited by attackers to perform unauthorized operations...

Artica Pandora FMS Code Issue Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in File Manager in Artica Pandora FMS 7.42 and prior versions. An attacker can exploit t...

SQL Injection Vulnerability in Wecenter of Shenzhen Weike Interactive Co.

WeCenter is a completely open source social networking program similar to Zhihu based on Q&A, based on PHP+MYSQL application architecture. WeCenter has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

UBUNTU-CVE-2019-20352

In Netwide Assembler NASM 2.15rc0, a heap-based buffer over-read occurs via a crafted .asm file in settextfree when called from expandonesmacro in asm/preproc.c...