
35 matches found

CNNVD
added 2023/07/11 12:00 a.m., 1 view

Tang Race Condition Vulnerability

Tang is an open source server from latchset that binds data to the web. Tang suffers from a security vulnerability that stems from a race condition in key generation and key rotation, which can cause other processes on the same host to read the private key within a short...

CVSS 5.3 | AI score 5.6 | EPSS 0.00022
Exploits: 1 | References: 7

Prion
added 2023/04/04 10:15 p.m., 7 views

Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...

CVSS 4 | AI score 6.4 | EPSS 0.01147
Exploits: 1 | References: 8 | Affected Software: 1

CNNVD
added 2022/06/29 12:00 a.m., 1 view

ApiFest OAuth 2.0 Server Input Validation Error Vulnerability

ApiFest OAuth 2.0 Server is an open source Java implementation of the OAuth 2.0 protocol from ApiFest. A security vulnerability exists in ApiFest OAuth 2.0 Server version 0.3.1, which stems from not validating the redirect URI according to RFC 6749, which can be exploited by an...

CVSS 6.1 | AI score 6.4 | EPSS 0.00247
Exploits: 0 | References: 4

CNNVD
added 2022/02/23 12:00 a.m., 1 view

Haproxy HAProxy Security Vulnerability

Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides Layer 4 and Layer 7 proxying and can support tens of thousands of connections with high efficiency and stability. A security vulnerability exists in haproxy that...

CVSS 7.5 | AI score 7.3 | EPSS 0.66484
Exploits: 0 | References: 23

CNVD
added 2021/07/15 12:00 a.m., 6 views

Unspecified Vulnerability in Nextcloud (CNVD-2021-51814)

Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.0.11, and 21.0.3, which stems from the audit logging feature failing to log...

CVSS 3.3 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 1

CNVD
added 2021/06/03 12:00 a.m., 8 views

Unspecified vulnerability in Nextcloud (CNVD-2021-39032)

Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to send a user ID to a lookup server when the user is not set to a...

CVSS 4 | AI score 6.6 | EPSS 0.0038
Exploits: 0 | References: 1

Cvelist
added 2018/03/02 8:00 p.m., 16 views

CVE-2015-0796 open build service source server symlink exploitation via source patch

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8, the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break out of confinement or cause denial of service attacks on the source service...

CVSS 6.3 | AI score 7.5 | EPSS 0.00156
Exploits: 0 | References: 2

CNVD
added 2017/12/25 12:00 a.m., 1 view

H2O Denial of Service Vulnerability (CNVD-2018-01619)

H2O is open source web server software. A denial of service vulnerability exists in H2O 2.2.3 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.00676
Exploits: 0 | References: 1

OSV
added 2015/08/12 2:59 p.m., 6 views

CVE-2015-2058

c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID...

AI score 6.8
Exploits: 0 | References: 4

UbuntuCve
added 2015/08/12 2:59 p.m., 21 views

CVE-2015-2058

c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID...

CVSS 6.5 | AI score 5.9 | EPSS 0.00563
Exploits: 0 | References: 1

Debian CVE
added 2015/08/12 2:00 p.m., 15 views

CVE-2015-2058

c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID...

CVSS 6.5 | AI score 6.6 | EPSS 0.00563
Exploits: 0

CVE
added 2015/08/12 2:00 p.m., 42 views

CVE-2015-2058

The CVE-2015-2058 entry concerns Jabber Open Source Server (Jabberd) version 2.3.2 and earlier. The underlying issue is that c2s/c2s.c truncates data without guaranteeing UTF-8 validity, allowing remote authenticated users to read system memory or cause other unspecified impacts via a crafted JID...

CVSS 6.5 | AI score 6.8 | EPSS 0.00563
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2011/06/15 5:39 a.m., 27 views

[SECURITY] Fedora 14 Update: jabberd-2.2.14-1.fc14

The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...

CVSS 7.5 | AI score 2.2 | EPSS 0.08459
Exploits: 0

exploitpack
added 2003/09/18 12:00 a.m., 15 views

Mambo Site Server 4.0.14 - emailarticle.php?id SQL Injection

source: https://www.securityfocus.com/bid/8647/info
It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database...

Exploits: 0

Exploit DB
added 2003/09/18 12:00 a.m., 30 views

Mambo Site Server 4.0.14 - 'banners.php?bid' SQL Injection

source: https://www.securityfocus.com/bid/8647/info
It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous e-mail to arbitrary users. The...

AI score 7.4
Exploits: 0