2671 matches found
CVE-2020-9455
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to send arbitrary emails on behalf of the site via classrmuserservices.php sendemailuserview...
openthread:ip6-send-fuzzer: Index-out-of-bounds in ot::EnergyScanServer::HandleScanResult
Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5686760173731840 Project: openthread Fuzzing Engine: libFuzzer Fuzz Target: ip6-send-fuzzer Job Type: libfuzzerubsanopenthread Platform Id: linux Crash Type: Index-out-of-bounds Crash Address:...
PT-2020-20612 · Creative · Creative Contact Form
Name of the Vulnerable Software and Affected Versions: Creative Contact Form extension versions 4.6.2 and earlier Description: A directory traversal issue resides in the filename field for uploaded attachments via the creativecontactform upload parameter in the helpers/mailer.php file. This allow...
openthread:ip6-send-fuzzer: Stack-buffer-overflow in ot::ExtendedTlv::GetLength
Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5751684162912256 Project: openthread Fuzzing Engine: honggfuzz Fuzz Target: ip6-send-fuzzer Job Type: honggfuzzasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow READ 2 Crash...
How to Share Files Securely Online: Dropbox, Firefox Send, and More
There's no shortage of options for sharing documents and more with friends, family, and colleagues. These are your best bets...
systemd-machined Incorrect Reference Decrement
systemd: systemd-machined decrements reference count when references still held I've been looking at the version of systemd shipped in Fedora 31 approximately ef677436aa203c24816021dd698b57f219f0ff64 I noticed that systemd-machined caches image objects, and uses reference counting to keep track o...
WordPress Email Subscribers & Newsletters Elevation of Privilege Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. An elevation of privilege vulnerability exis...
Intesync Solismed Cross-Site Request Forgery Vulnerability
Intesync Solismed is a clinic management system designed for use by independent and free clinics. A cross-site request forgery vulnerability exists in Intesync Solismed. An attacker could exploit the vulnerability to send unintended requests to the server via an affected client...
UBUNTU-CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers...
glusterfs: Null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service...
IBM Cloud Orchestrator Security Bypass Vulnerability
IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. A...
CVE-2019-4394
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232...
CVE-2019-18415
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen...
Slither v0.6.7 - Static Analyzer For Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...
Server side request forgery (ssrf)
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
PYSEC-2019-151
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
PT-2019-8550 · Graphite +2 · Graphite +2
Name of the Vulnerable Software and Affected Versions: Graphite versions through 1.1.5 Graphite version 1.1.5 Description: The send email function in graphite-web/webapp/graphite/composer/views.py is vulnerable to Server-Side Request Forgery (SSRF). An attacker can use the vulnerable SSRF endpoint ...
openthread:ip6-send-fuzzer: Stack-buffer-overflow in ot::Message::Read
Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5682816276234240 Project: openthread Fuzzing Engine: libFuzzer Fuzz Target: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash...