Lucene search
K

161 matches found

OpenVAS
OpenVAS
added 2018/06/27 12:0 a.m.50 views

Mozilla Firefox ESR Security Advisories (MFSA2018-15, MFSA2018-17) - 01 - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

9.8CVSS9.1AI score0.04647EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/06/27 12:0 a.m.33 views

Mozilla Firefox ESR Security Advisories (MFSA2018-15, MFSA2018-17) - 01 - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

9.8CVSS7.8AI score0.04831EPSS
Exploits1References1
Mozilla
Mozilla
added 2018/06/26 12:0 a.m.551 views

Security vulnerabilities fixed in Firefox 61 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

9.8CVSS9.5AI score0.04647EPSS
Exploits0References19Affected Software1
ossfuzz
ossfuzz
added 2018/06/21 7:49 a.m.13 views

qcms/fuzz: Use-of-uninitialized-value in clamp_float

Detailed report: https://oss-fuzz.com/testcase?key=5718259826425856 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzermsanqcms Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: clampfloat qcmstransformmodulematrix...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2018/06/15 7:21 a.m.20 views

qcms/fuzz: Heap-buffer-overflow in qcms_transform_module_clut_only

Detailed report: https://oss-fuzz.com/testcase?key=4902996180729856 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzerasanqcms Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x6030000000e0 Crash State: qcmstransformmoduleclutonly...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2018/06/07 11:4 p.m.17 views

qcms/fuzz: Use-of-uninitialized-value in clamp_float

Detailed report: https://oss-fuzz.com/testcase?key=6234196346404864 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzermsanqcms Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: clampfloat qcmstransformmodulematrix...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2018/05/24 4:51 a.m.14 views

qcms/fuzz: Heap-buffer-overflow in qcms_transform_module_clut_only

Detailed report: https://oss-fuzz.com/testcase?key=5982351954804736 Project: qcms Fuzzer: aflqcmsfuzz Fuzz target binary: fuzz Job Type: aflasanqcms Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x6090000002b4 Crash State: qcmstransformmoduleclutonly...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2018/05/21 2:17 p.m.15 views

qcms/fuzz: Use-of-uninitialized-value in read_nested_curveType

Detailed report: https://oss-fuzz.com/testcase?key=5644688471097344 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzermsanqcms Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: readnestedcurveType readtaglutmABType...

6.8AI score
Exploits0Affected Software1
seebug.org
seebug.org
added 2018/03/13 12:0 a.m.71 views

QCMS最新版3.0.1后台登录验证可绕过,结合任意文件上传可前台getshell

...

0.8AI score
Exploits0
NVD
NVD
added 2018/03/12 5:29 a.m.17 views

CVE-2018-8069

QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...

5.4CVSS5.3AI score0.00531EPSS
Exploits1References1
OSV
OSV
added 2018/03/12 5:29 a.m.3 views

CVE-2018-8070

QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...

5.4CVSS5.8AI score0.00531EPSS
Exploits1References1
OSV
OSV
added 2018/03/12 5:29 a.m.4 views

CVE-2018-8069

QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...

5.4CVSS5.8AI score0.00531EPSS
Exploits1References1
NVD
NVD
added 2018/03/12 5:29 a.m.23 views

CVE-2018-8070

QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...

5.4CVSS5.6AI score0.00531EPSS
Exploits1References1
Prion
Prion
added 2018/03/12 5:29 a.m.12 views

Design/Logic Flaw

QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...

3.5CVSS5.2AI score0.00531EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/03/12 5:0 a.m.18 views

CVE-2018-8069

QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...

5.3AI score0.00531EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/12 5:0 a.m.29 views

CVE-2018-8070

QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...

5.5AI score0.00531EPSS
Exploits1References1
CVE
CVE
added 2018/03/12 5:0 a.m.49 views

CVE-2018-8070

CVE-2018-8070 describes an XSS vulnerability in QCMS 3.0 triggered by the title parameter to the /guest/index.html URI. The issue is due to improper handling of user-supplied input in that parameter, enabling cross-site scripting. Multiple connected sources (Red Hat, CNVD, and others) confirm the...

5.4CVSS5.5AI score0.00531EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/12 5:0 a.m.45 views

CVE-2018-8069

QCMS 3.0 is affected by a cross-site scripting vulnerability: an attacker can inject arbitrary script via the webname parameter in the /backend/system.html URI. The issue is reported across multiple sources (NVD CVE-2018-8069 and Red Hat/CNVD entries). The root cause is improper handling/encoding...

5.4CVSS5.2AI score0.00531EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/03/12 12:0 a.m.4 views

QCMS Cross-Site Scripting Vulnerability

QCMS is an open source content management system CMS for creating responsive websites. A cross-site scripting vulnerability exists in QCMS version 3.0. A remote attacker can exploit this vulnerability by sending the 'webname' parameter to the /backend/system.html URI to inject arbitrary web scrip...

5.4CVSS6.2AI score0.00531EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.6 views

The vulnerability of the Firefox browser allows a remote attacker to gain access to the dynamic memory of the process or trigger a service denial-of-service attack.

The vulnerability of the Firefox browser in the implementation of the QCMS component allows a malicious actor to gain access to confidential information from the dynamic memory of the process, or to trigger a service failure reading beyond the boundaries of the system by using an image that is...

6.4CVSS7.7AI score0.02815EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder