82 matches found
CVE-2020-8036
The tok2strbuf function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way...
Updated sqlite3 packages fix security vulnerabilities
Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...
hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...
Cross-Site Scripting (XSS)
angular-gettext is vulnerable to cross-site scripting. interpolationContext is passed to getString or getPlural functions in dist/angular-gettext.js and src/directive.js, which allows attackers to inject arbitrary Javascript code into a victim's browser when the attribute...
Security Bypass Vulnerability in Huawei's Secure Storage Trusted Application for Some Phones
Huawei P9, P9 Lite, P8 Lite are Huawei smartphones. A security bypass vulnerability exists in the Secure Storage Trusted App SSTA of some Huawei phones. An attacker who has gained root privileges on Android can exploit the vulnerability to read and write user-state memory data in any location in...
IBM QRadar SIEM Unauthorized Access Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM ha...
Cross site scripting
Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...
CVE-2016-4566
The CVE-2016-4566 entry concerns a cross-site scripting (XSS) vulnerability in plupload.flash.swf (Plupload before 2.1.9) used by WordPress before 4.5.2. The flaw allows remote attackers to inject arbitrary script or HTML via a Same-Origin Method Execution (SOME) attack. Public details from conne...
Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE
Intro == WordPress is vulnerable against a Same-Origin Method Execution SOME vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do s...
kernel: splice: lack of generic write checks
A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...
kernel: splice: lack of generic write checks
A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...
xdelta3 -- buffer overflow vulnerability
Stepan Golosunov reports: Buffer overflow was found and fixed in xdelta3 binary diff tool that allows arbitrary code execution from input files at least on some systems...
ShopEx最新版多处SQL注射
简要描述: 不知道我有不有搞错,但已经尽量下载了最新版了。。。 在很多地方测试都存在。。。 ShopEx最新版多处SQL注射 详细说明: 我很怀疑自己是不是搞错呢。。。 注射1: http://127.0.0.1:5656/shopex/api.php POST act=searchsubregions&apiversion=1.0&returndata=string&pregionid=22 and select 1 fromselect count,concat0x7c,select Select version from informationschema.tables limit...
Fedora Update for ktimer FEDORA-2013-10130
Check for the Version of ktimer OpenVAS Vulnerability Test Fedora Update for ktimer FEDORA-2013-10130 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
JBoss invoker servlets do not require authentication
The 1 JMXInvokerHAServlet and 2 EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...
DEBIAN-CVE-2009-3549
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace...
CVE-2006-3485
CVE-2006-3485 affects AstroDog Press Some Chess 1.5-RC2 and earlier. The vulnerability is a SQL injection in unspecified vectors, with potential involvement of the gameID parameter in board.php, allowing remote attackers to execute arbitrary SQL commands. Documents do not specify concrete exploit...
CVE-2006-3272
Cross-site request forgery CSRF vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third...
CVE-2006-3273
Cross-site scripting XSS vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter "New Name" field...
CVE-2006-3273
The CVE-2006-3273 entry documents a Cross-site Scripting (XSS) vulnerability in menu.php of Some Chess 1.5 rc1, exploitable via the user parameter in the “New Name” field. The affected component is menu.php within Some Chess 1.5 rc1; the underlying cause is input that is not properly sanitized, e...