CVE-2020-15716

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL...

CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL Reflective Server-Side XSS...

CVE-2013-7381

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify...

CVE-2019-15505

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic which may be remote via usbip or usbredir...

CVE-2019-5917

azure-umqtt-c available through GitHub prior to 2017 October 6 allows remote attackers to cause a denial of service via unspecified vectors...

Directory traversal

FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal...

Apache Tomcat < 6.0.14 Multiple Vulnerabilities

According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.14. It is, therefore, affected by the following vulnerabilities : - Cross-site scripting XSS vulnerabilities exists due to improper validation of user-supplied input before...

Tcpreplay Denial of Service Vulnerability

Tcpreplay is a set of open source utilities for editing and replaying network traffic for UNIX based operating systems. A security vulnerability exists in the 'getl2len' function in the common/get.c file in Tcpreplay version 4.3.0 beta 1. A remote attacker can exploit this vulnerability with the...

Haxx libcurl man-in-the-middle attack vulnerability (CNVD-2018-07226)

Haxx libcurl is a free , open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. A security vulnerability exists in the 'verifycertificate' function in the lib/vtls/schannel.c file in Haxx libcurl versions 7.30.0 through...

USN-3455-1 wpa vulnerabilities

Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,...

CVE-2017-7598

tifdirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted image...

ALPINE-CVE-2016-10198

The gstaacparsesinksetcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service invalid memory read and crash via a crafted audio file...

gstreamer-plugins-good: Heap buffer overflow in FLIC decoder

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

Serimux SSH Console Switch 2.4 - Multiple XSS Vulnerabilities

Document Title: =============== Serimux SSH Console Switch 2.4 - Multiple XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1942 Release Date: ============= 2016-10-03 Vulnerability Laboratory ID VL-ID:...

MGASA-2016-0288 Updated bsdiff packages fix security vulnerability

Integer signedness error in bspatch.c in bspatch in bsdiff allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file CVE-2014-9862...

CVE-2016-3714

The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."...

Philips In.Sight Default Credentials (HTTP)

The remote Philips In.Sight Device has default credentials set. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

php: pcntl_exec() accepts paths with NUL character

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)

The remote Solaris system is missing necessary patches to address security updates : - The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of a...

CVE-2014-1573

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting XSS attacks by sending three values...