1434 matches found
Arbitrary Code Execution
Open Racing Car Simulator TORCS is vulnerable to arbitrary code execution. A remote attacker could inject and execute arbitrary code via a long file name in an engine sample attribute in an XML configuration file...
USN-4641-1 libextractor vulnerabilities
It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. CVE-2017-15266 It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a deni...
CVE-2020-8740
CVE-2020-8740 is an out-of-bounds write in Intel BIOS platform sample code for certain Intel processors that may allow a locally authenticated attacker to escalate privileges. The Intel advisory (INTEL-SA-00390) documents this alongside related CVEs and indicates updates to BIOS platform sample c...
CVE-2020-8738
CVE-2020-8738 is tied to Intel BIOS platform sample code with an improper conditions check that may allow a locally authenticated user to escalate privileges on certain Intel processors. The CVE is detailed in Intel advisory INTEL-SA-00390, which also covers related CVEs (8739, 8740, 8764) and ma...
PT-2020-5887 · Openexr +5
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to a flaw in OpenEXR's deep tile sample size calculations, which can lead to an integer overflow and subsequently an out-of-bounds read when a crafted file is processed...
sample-school-newsletter.com Cross Site Scripting vulnerability OBB-1423394
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
sample-jobapplication.com Cross Site Scripting vulnerability OBB-1423390
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Unbreakable Enterprise kernel security update
4.14.35-2025.401.4 - KVM: x86: always expose VIRTSSBD to guests Paolo Bonzini Orabug: 31957046 4.14.35-2025.401.3 - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE Suravee Suthikulpanit Orabug: 31931371 - oracleasm: Access dbdev before dropping inode Stephen Brennan Orabug: 31901948 -...
sample.home-report.jp Cross Site Scripting vulnerability OBB-1288040
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax
TelerikUI Python Scanner telerikrcescan.py Examples A...
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add, or...
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add, or...
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add, or...
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add, or...
curl: Connect-only connections can use the wrong connection
Summary: If a connect-only easy handle is not read from or written to, its connection can time out and be closed. If a new connection is created it can be allocated at the same address, causing the easy handle to use the new connection. This new connection may not be connected to the same server ...
CVE-2020-3688
Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
Buffer overflow
Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
OSV-2020-1006 Use-of-uninitialized-value in decimate_dsd_run
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19928 Crash type: Use-of-uninitialized-value Crash state: decimate_dsd_run WavpackUnpackSamples WavpackSeekSample64...
Directory Management System (DMS) 1.0 SQL Injection
Exploit Title: Directory Management System DMS 1.0 - Authentication Bypass Date: 2020-07-20 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/directory-management-system-using-php-and-mysql/ Software Link:...