8428 matches found

RedHat Linux
added 2021/01/19 1:40 p.m. | 2 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVSS 4.3 | AI score 7.2 | EPSS 0.04913
Exploits: 2 | References: 6

RedHat Linux
added 2021/01/19 1:37 p.m. | 1 view

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVSS 4.3 | AI score 7.2 | EPSS 0.04913
Exploits: 2 | References: 6

RedHat Linux
added 2021/01/19 1:11 p.m. | 0 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVSS 4.3 | AI score 7.2 | EPSS 0.04913
Exploits: 2 | References: 6

OSV
added 2021/01/12 8:15 p.m. | 4 views

CVE-2021-1683

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the...

CVSS 5 | AI score 6.5 | EPSS 0.0165
Exploits: 0 | References: 2

Snyk
added 2021/01/12 8:49 a.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This happens because no HTML escaping is being performed when processing quotes. This applies even when the :escapehtml option was being used in combination with :quote. Details: Cross-site scripting or XSS is a...

CVSS 8.3 | AI score 5.4 | EPSS 0.0157
Exploits: 0 | References: 2

OSV
added 2021/01/07 2:15 p.m. | 1 view

UBUNTU-CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

CVSS 8.8 | AI score 7.3 | EPSS 0.01289
Exploits: 0 | References: 4

Snyk
added 2021/01/06 1:17 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The transfer state is serialised with the JSON.stringify function and then written into the HTML page. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...

CVSS 7.3 | AI score 5.4 | EPSS 0.00825
Exploits: 0 | References: 2

Veracode
added 2021/01/02 10:06 p.m. | 27 views

Information Disclosure

Adobe Flash Player is vulnerable to information disclosure. An attacker can make use of a Same Origin Policy Bypass vulnerability to access critical information...

CVSS 7.5 | AI score 2.5 | EPSS 0.03011
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2020/12/21 8:39 p.m. | 25 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. The vulnerability exists through insufficient policy enforcement in networking that allows a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVSS 8.8 | AI score 5.1 | EPSS 0.01397
Exploits: 1 | References: 12 | Affected Software: 1

Veracode
added 2020/12/21 8:37 p.m. | 27 views

Same-Origin Policy Bypass

chromium is vulnerable to same-origin policy bypass. Insufficient policy enforcement in extensions allows an attacker, who has convinced a user to install a malicious extension, to bypass same-origin policy via a malicious Chrome Extension...

CVSS 6.5 | AI score 4.3 | EPSS 0.01016
Exploits: 0 | References: 11 | Affected Software: 1

CNNVD
added 2020/12/21 12:00 a.m. | 4 views

Gohugoio Hugo Operating System Command Injection Vulnerability

Gohugoio Hugo is a framework from the Gohugoio community based on the Go language for rapid generation of static sites. An operating system command injection vulnerability exists in Hugo versions prior to 0.79.1, which stems from the fact that if a malicious file exe or bat of the same name is...

CVSS 8.5 | AI score 7.2 | EPSS 0.01451
Exploits: 1 | References: 3

NVD
added 2020/12/18 6:15 p.m. | 16 views

CVE-2020-26251

Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run...

CVSS 4.7 | AI score 4.8 | EPSS 0.00447
Exploits: 0 | References: 3

Prion
added 2020/12/18 6:15 p.m. | 18 views

Cross site request forgery (csrf)

Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run...

CVSS 4.3 | AI score 4.9 | EPSS 0.00447
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/12/15 6:15 p.m. | 1 view

ALPINE-CVE-2020-29481

An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes...

CVSS 8.8 | AI score 6.3 | EPSS 0.00347
Exploits: 0 | References: 1

OSV
added 2020/12/15 6:15 p.m. | 3 views

DEBIAN-CVE-2020-29481

An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes...

CVSS 8.8 | AI score 8.2 | EPSS 0.00347
Exploits: 0 | References: 1

CNNVD
added 2020/12/15 12:00 a.m. | 4 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox in that if a user downloads a file without an extension on Windows, and then "opens" it in the download panel, the executable will be launched if the...

CVSS 8.8 | AI score 7.3 | EPSS 0.01467
Exploits: 0 | References: 13

Veracode
added 2020/12/06 4:44 a.m. | 30 views

Same-Origin Policy Bypass

chromium is vulnerable to same origin policy bypass. Failure to dismiss http auth dialogs on navigation in Network Authentication allows a remote attacker to confuse the user about the origin of an auto dialog via a malicious HTML page...

CVSS 6.5 | AI score 3.3 | EPSS 0.01372
Exploits: 0 | References: 7 | Affected Software: 1

Veracode
added 2020/12/06 4:28 a.m. | 32 views

Insecure Same Origin Policy

chromium does not properly perform same origin policy checks. A renderer initiated back navigation incorrectly cancels a browser initiated back navigation and allows a remote attacker to confuse the user's browser on the origin of the current page via a malicious HTML page...

CVSS 4.3 | AI score 2.3 | EPSS 0.00471
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2020/12/06 3:06 a.m. | 27 views

Same-Origin Policy Bypass

chromium is vulnerable to same-origin policy bypass. A remote attacker with access to the renderer process is able to bypass the same origin policy via a malicious HTML page...

CVSS 6.5 | AI score 2.5 | EPSS 0.01824
Exploits: 0 | References: 10 | Affected Software: 1

Packet Storm
added 2020/12/02 12:00 a.m. | 390 views

EgavilanMedia User Registration And Login System With Admin Panel 1.0 CSRF

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...

AI score 0.6
Exploits: 0