12 matches found
CVE-2019-25589
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...
CVE-2019-25589 ZOC Terminal 7.23.4 Buffer Overflow Denial of Service
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...
EUVD-2019-19920
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...
CVE-2019-25589
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...
PT-2026-26955
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...
HackerOne: [Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content"
Hi Team, Summary: There is newly disclosed resolved report Program Email Nofication settings ignored when being added as an external contributor, However i found that the fix is incomplete. I have found that email invitation for a collaborator bounty splitting still disclosing the Report title in...
CVE-2018-13014
Storing password in recoverable format in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and...
Design/Logic Flaw
Storing password in recoverable format in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and...
CVE-2018-13014
Storing password in recoverable format in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and...
CVE-2018-13014
The CVE-2018-13014 vulnerability affects SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to version 4.4.2. The issue is that the safensec.com SysWatch service stores passwords in a recoverable format, enabling a local att...
HackerOne: resolved bugs in a program are public despite the program settings
Summary: when navigating to https://hackerone.com/YOURPROGRAMHANDLE/displayoptions and unchecking the Reports resolved checkbox, the resolved bugs number won't be public at the program page, but going to https://hackerone.com/directory?query=YOURPROGRAMHANDLE , the number of the resolved bug will...
SimpGB version 1.46.02 Information Disclosure Vulnerability
netVigilance Security Advisory 66 SimpGB version 1.46.02 Information Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple...