24 matches found

Nuclei
added yesterday, 18 views

Cuppa CMS v1.0 - SQL injection

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. id: CVE-2022-27985 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was discovered to contain a SQL injection...

CVSS 9.8, AI score 7.3, EPSS 0.20694
Exploits: 1, References: 4

Nuclei
added yesterday, 131 views

Odoo 8.0/9.0/10.0 - Local File Inclusion

Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.fileopen. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2017-9416 info: name: Odoo 8.0/9.0/10.0 -...

CVSS 6.5, AI score 6.8, EPSS 0.16345
Exploits: 0, References: 2

Nuclei
added yesterday, 30 views

Joomla! Component com_jvideodirect - Directory Traversal

Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-0942 info: name: Joomla! Component com_jvideodirect - Directory Traversal author:...

CVSS 5, AI score 5.9, EPSS 0.02887
Exploits: 1, References: 5

Nuclei
added 2 days ago, 33 views

DedeCMS 5.7 - SQL Injection

DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. id: CVE-2017-17731 info: name: DedeCMS 5.7 - SQL Injection author: j4vaovo severity: critical description: | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. impact: |...

CVSS 9.8, AI score 7.4, EPSS 0.8976
Exploits: 1, References: 5

Nuclei
added last week, 81 views

FortiLogger 4.4.2.2 - Arbitrary File Upload

FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. id: CVE-2021-3378 info: name: FortiLogger 4.4.2.2 - Arbitrary File Upload author:...

CVSS 9.8, AI score 7.4, EPSS 0.93583
Exploits: 8, References: 5

Nuclei
added 2026/05/04 4:18 a.m., 68 views

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. id: CVE-2019-7192 info: name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution...

CVSS 9.8, AI score 6.8, EPSS 0.94303
Exploits: 12, References: 5

OSV
added 2024/11/04 11:14 a.m., 14 views

SUSE-SU-2024:3898-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.4.0 ESR bsc1231879: - CVE-2024-10458: Permission leak via embed or object elements - CVE-2024-10459: Use-after-free in layout with accessibility - CVE-2024-10460: Confusing display of origin for extern...

CVSS 9.8, AI score 8.2, EPSS 0.00944
Exploits: 0, References: 12

NVD
added 2022/11/04 7:15 p.m., 12 views

CVE-2022-39387

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWi...

CVSS 9.1, EPSS 0.00147
Exploits: 0, References: 3

OSV
added 2022/09/16 10:11 p.m., 0 views

GHSA-V5XG-3Q2C-C2R4 TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation

Impact In core/kernels/list_kernels.cc's TensorListReserve, num_elements is assumed to be a tensor of size 1. When a num_elements of more than 1 element is provided, then tf.raw_ops.TensorListReserve fails the CHECK_EQ in CheckIsAlignedAndSingleElement. python import tensorflow as tf...

CVSS 5.9, AI score 6.9, EPSS 0.00208
Exploits: 0, References: 6

Cvelist
added 2022/06/06 9:15 p.m., 10 views

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

CVSS 4.2, AI score 6.6, EPSS 0.00267
Exploits: 0, References: 1

Huntr
added 2022/05/13 9:10 a.m., 12 views

The microweber application allows large characters to insert in the input field "Email" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request

POC: 1. Go to home page http://127.0.0.1/ and there will a option to signup with email and phone number with 3 check box 2. Screenshot: -- https://ibb.co/F3tPVWY 3. Fill the email parameter with huge characters 4. when the admin check the notification http://127.0.0.1/admin/notification it will b...

AI score 2.5
Exploits: 0, References: 1

OSV
added 2022/02/10 12:34 a.m., 0 views

GHSA-4J82-5CCR-4R8V `CHECK`-failures in `TensorByteSize` in Tensorflow

Impact A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. cc int64t TensorByteSizeconst TensorProto& t // numelements returns -1 if shape is not fully defined. int64t numelems = TensorShapet.tensorshape.numelements; retur...

CVSS 6.5, AI score 6, EPSS 0.0022
Exploits: 1, References: 7

Fedora
added 2020/11/27 1:24 a.m., 28 views

[SECURITY] Fedora 33 Update: pacemaker-2.0.5-0.7.rc3.fc33

Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...

CVSS 9, AI score 0.7, EPSS 0.00086
Exploits: 0

Openbugbounty
added 2020/11/06 12:32 p.m., 11 views

eriksfonsterputs.se Cross Site Scripting vulnerability OBB-1488522

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

Tenable Nessus
added 2019/06/03 12:0 a.m., 37 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)

This update for MozillaThunderbird fixes the following issues : Mozilla Thunderbird was updated to 60.7.0 - Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut Security issues fixed MFSA 2019-15 boo1135824 : - CVE-2018-18511: Cross-origin theft of...

CVSS 9.8, AI score 7.2, EPSS 0.11045
Exploits: 4, References: 19

NVD
added 2018/07/06 5:29 p.m., 9 views

CVE-2018-5896

In Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied...

CVSS 7.1, AI score 7, EPSS 0.00039
Exploits: 0, References: 1

Tenable Nessus
added 2018/03/12 12:0 a.m., 19 views

Solaris 10 (sparc) : 121229-02

SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVSS 10, AI score 7.7, EPSS 0.53744
Exploits: 10, References: 10

Openbugbounty
added 2016/09/09 8:50 a.m., 8 views

gemaltodemo.valimo.com XSS vulnerability

Vulnerable URL: http://gemaltodemo.valimo.com/gem1k/signingServlet Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check gemaltodemo.valimo.com SSL connection:|...

AI score 6.2
Exploits: 0

Openbugbounty
added 2016/09/02 1:30 a.m., 10 views

vda.gtarcade.com XSS vulnerability

Vulnerable URL:...

AI score 6.2
Exploits: 0

Openbugbounty
added 2015/11/16 3:23 p.m., 14 views

automatelouth.uk XSS vulnerability

Vulnerable URL: http://www.automatelouth.uk/shop/basketnew.php?pagefile=" Details: Description| Value ---|--- Patched:| Yes, at 07.12.2015 Latest check for patch:| 07.12.2015 16:30 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

AI score 6.3
Exploits: 0