19 matches found
CVE-1999-0778
Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter...
EUVD-2013-4206
Malware in sbrugna...
CVE-2022-25730
Information disclosure in modem due to improper check of IP type while processing DNS server query...
Sysax Multi Server Security Vulnerability
Codeorigin Sysax Multi Server is an FTP (File Transfer Protocol) server and shell server for Windows systems from Codeorigin, USA. A security vulnerability exists in Sysax Multi Server version 6.99: a cross-site scripting (XSS) attack is possible via the /scgi?sid parameter...
Security update for Mesa
This update for Mesa fixes the following issues: CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId (bsc1222040); CVE-2023-45919: Fixed buffer over-read in glXQueryServerString (bsc1222041); CVE-2023-45922: Fixed segmentation violation in glXGetDrawableAttribute...
CVE-2024-33992
CVE-2024-33992 is a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0. The flaw allows an attacker to craft a query to the server and retrieve all stored data through the view parameter in /student/index.php. Connected sources corroborate the vulnerability and recomm...
CVE-2024-33991
CVE-2024-33991 is an XSS vulnerability in School Event Management System version 1.0. The flaw occurs in the server-side handling of the query parameter 'view' in /eventwinner/index.php, where attacker input can be reflected to retrieve stored information. Documents identify the affected product...
CVE-2024-33972
CVE-2024-33972 concerns a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 (janobe). The vulnerability is triggered via a crafted query in the /report/event_print.php endpoint, specifically via the 'events' parameter, enabling retrieval of stored information. The public doc...
CVE-2023-3589 Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow an attacker, under some very specific conditions, to send a specifically crafted query to the server...
CVE-2023-32791
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager version 5.6.5633. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of t...
CVE-2022-25730
Information disclosure in modem due to improper check of IP type while processing DNS server query...
Information disclosure
Information disclosure in modem due to improper check of IP type while processing DNS server query...
CVE-2022-25730 Buffer Over-read in MODEM
Information disclosure in modem due to improper check of IP type while processing DNS server query...
CVE-2022-25730 Buffer Over-read in MODEM
Information disclosure in modem due to improper check of IP type while processing DNS server query...
CVE-2022-25730
CVE-2022-25730 affects modem/Qualcomm chipsets due to an improper IP type check while processing DNS server queries, causing information disclosure. Root cause: erroneous handling of IP type in DNS processing. Impact per sources: confidentiality leakage; exploitability is network-based with low c...
CVE-2022-3613
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service...
IBM WebSphere Application Server Code Issue Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere...
CVE-2020-14479 ICSA-20-147-01 Inductive Automation Ignition (Update B)
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server...
ISC BIND Sensitive Information Disclosure Vulnerability
ISC BIND is a set of open source software, maintained by the Internet Systems Consortium (ISC) of the United States, that implements the DNS protocol. BIND suffers from a sensitive information disclosure vulnerability due to a flaw in BIND's recursive access control, which could be exploited by an...