7874 matches found
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability in the following directory: Home/Setup/General/performance 🕵️♂️ Proof of Concept 1. First, the user should already be logged in, in Firefox or Safari. 2. Open the PoC.html and click on the submit button. It can also be auto-submitted. 3. Here User...
ROS-2-2140
2.2140 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-2152
2.2152 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-2171
2.2171 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
AZL-6755 CVE-2021-35269 affecting package ntfs-3g for versions less than 2021.8.22-1
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is set up in the function ntfs_attr_setup_flag, a heap buffer overflow can occur, allowing for code execution and escalation of privileges...
DEBIAN-CVE-2021-34148
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service...
Cypress WICED BT Input Validation Error Vulnerability
Cypress WICED BT is a full-featured platform from Cypress. Cypress WICED BT suffers from an input validation error vulnerability that stems from the Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices failing to correctly handle the reception of an...
CVE-2021-34645
The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the /admin/inc/wp_easycart_admin_initial_setup.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...
CVE-2021-39283
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands...
Design/Logic Flaw
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands...
UBUNTU-CVE-2021-39283
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands...
CVE-2021-39283
CVE-2021-39283 affects the Live555 library: liveMedia/FramedSource.cpp (through 1.08) allows an assertion failure and application exit when handling multiple SETUP and PLAY commands. The connected documents confirm the component/file and the crash behavior but do not provide details on affected v...
CVE-2021-39283
Removed by vendor...
End-to-end encryption device setup did not verify public key
None...
Live555 Security Vulnerability
Live555 is a cross-platform C++ open source project that provides a solution for streaming media and implements support for standard streaming media transport protocols such as RTP/RTCP, RTSP, SIP, and others. A security vulnerability exists in Live555, which stems from liveMedia/FramedSource.cpp...
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
Exploit Title: crossfire-server 1.9.0 - 'SetUp' Remote Buffer Overflow Exploit Author: Khaled Salem @Khaled0x07 Software Link: https://www.exploit-db.com/apps/43240af83a4414d2dcc19fff3af31a63-crossfire-1.9.0.tar.gz Version: 1.9.0 Tested on: Kali Linux 2020.4 CVE : CVE-2006-1236 !/bin/python impor...
NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting
Exploit Title: NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS) Date: 21 Dec 2018 Exploit Author: Securityium Vendor Homepage: https://www.netgear.com/ Version: V1.0.0.21_1.0.1PE Tested on: NetGear D1500 Home Router Contact: [email protected] Version :...
CVE-2021-38381
Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash...