ROS-20251117-03

Vulnerability of the xdrtrrqmessage function of the protocol.cpp module of the Red Database Management System is related to dereferencing of a null pointer. Data" is related to dereferencing of a null pointer. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a...

UBUNTU-CVE-2022-48906

In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATAFIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATAFIN retransmits caused a shift-out-of-bounds in the DATAFIN timeout calculation:...

CVE-2023-7094

A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The explo...

PT-2023-32869 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A vulnerability was found in the Netentsec NS-ASG Application Security Gateway, affecting an unknown functionality of the file /protocol/nsasg6.0.tgz. This issue leads to...

Exploit for Race Condition in Microsoft

CVE-2023-36884-Checker Script to check for CVE-2023-36884 har...

Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884) Mitigation

The remote system may be vulnerable to CVE-2023-36884 since it does not have the correct FEATUREBLOCKCROSSPROTOCOLFILENAVIGATION registry key mitigations applied as referenced in the vendor advisory. An unauthenticated, remote attacker could exploit this, by using specially-crafted Microsoft Offi...

PT-2023-13661 · Ehoney · Ehoney

Name of the Vulnerable Software and Affected Versions: Ehoney version 2.0.0 Description: The issue allows attackers to execute arbitrary code due to a SQL Injection vulnerability in models/protocol.go and models/images.go. Recommendations: For Ehoney version 2.0.0, consider restricting access to...

PT-2022-23368 · Osu Open Source · Vncauthproxy

Name of the Vulnerable Software and Affected Versions: OSU Open Source Lab VNCAuthProxy versions 1.1.1 and earlier Description: The issue is an authentication-bypass vulnerability in the VNCServerAuthenticator, located in vncap/vnc/protocol.py, which could allow a malicious actor to gain...

Ntop nDPI Buffer Overflow Vulnerability (CNVD-2020-36703)

Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A buffer overflow vulnerability exists in the ndpisearchoracle file in lib/protocols/oracle.c in Ntop nDPI 3.2 and earlier versions. The vulnerability stems from a network system or product performing operations in...

OSCI Transport Library OSCI-Transport Decryption Transport Encryption Algorithm Vulnerability

OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. A security vulnerability exists in OSCI Transport Library version 1.6.1 Java and ...

OSCI Transport Library OSCI-Transport Signature Package Vulnerability

OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. A security vulnerability exists in OSCI Transport Library version 1.6.1 Java and...

WingFTP 3.2.4 Cross Site Request Forgery

Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF Author: Ams Contact: mail: ax330d at gmail dot com site: http://www.0x416d73.name/ 1. About software "Wing FTP server is not only a FTP server. It's a multi-protocol file serverFTP,...

Wing FTP Server 3.2.4 - Cross-Site Request Forgery

Wing FTP Server 3.2.4 - Cross-Site Request Forgery Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF Author: Ams Contact: mail: ax330d at gmail dot com site: http://www.0x416d73.name/ 1. About software "Wing FTP server is not only a...

Samba smbd远程信息泄露漏洞

BUGTRAQ ID: 32494 CVECAN ID: CVE-2008-4314 Samba是一套实现SMB（Server Messages Block）协议、跨平台进行文件共享和打印共享服务的程序。 Samba在处理trans、trans2和nttrans请求时存在边界条件错误。这些请求用于在客户端和服务器之间传输任意数量的内存，包含有两个偏移：偏移A指向客户端所发送的PDU，偏移B将传输的内存引导到服务端上的缓冲区。由于在偏移A中的一个剪切错误，导致远程攻击者可以通过发送特制的请求泄露受限制的smbd进程内存。 Samba 3.0.29 - 3.2.4 Samba -----...

FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)

FreeBSD 3.0 - UNIX-domain Panic Denial of Service / source: https://www.securityfocus.com/bid/168/info A vulnerability in FreeBSD's UNIX-domain protocol implementation of file descriptor passing can cause the kernel to panic. / include include include include include include define PATH "/tmp/123...