20 matches found
EUVD-2017-18627
Malware in sbrugna...
EUVD-2024-47060
Malicious code in bioql PyPI...
CVE-2024-5931
BT: Unchecked user input in bap_broadcast_assistant...
CVE-2024-5931
CVE-2024-5931 affects Zephyr RTOS, specifically the bap_broadcast_assistant component, due to unchecked user input. Public sources indicate affected version range includes Zephyr 3.6 and earlier; the underlying issue is improper input validation, with potential availability impact (per NVD CVSS: ...
CVE-2024-5931 BT: Unchecked user input in bap_broadcast_assistant
BT: Unchecked user input in bap_broadcast_assistant...
CVE-2024-40990
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute. max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. Mitigation Mitigation for th...
CVE-2023-6749 Unchecked user input length in the Zephyr Settings Shell
Unchecked length coming from user input in settings shell...
CVE-2023-40847
Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check...
Apache Superset Input Validation Error Vulnerability
Apache Superset is an application from Apache (United States), designed to scale horizontally in large distributed environments. An input validation error vulnerability exists in Apache Superset 1.0.1 and earlier versions, which arises from unchecked user input that opens a redire...
Buffer overflow
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the leakage to abnormally terminate the Web service...
Arbitrary Command Injection
Overview: killing is a Kill Process. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input...
The vulnerability of the Parus-Budget enterprise automation system allows a perpetrator to execute any arbitrary code.
The vulnerability of the TComboboxStrings.Get function in the Parus-Budget enterprise automation system is related to the lack of checks on the data entered by users. Exploiting this vulnerability can allow an attacker to cause a stack overflow and execute arbitrary code...
SQL Injection
mysql-connector-java is vulnerable to SQL injection. This is possible because user input is directly used in SQL queries without being checked for malicious intent...
openSUSE Security Update : openstack-swift (openSUSE-SU-2013:1146-1)
This update of openstack-swift fixes a security vulnerability. - Add CVE-2013-2161.patch: fix unchecked user input in Swift XML responses (CVE-2013-2161, bnc824286). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
PAJAX - Remote Command Execution (Metasploit)
$Id: pajaxremoteexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
PAJAX Remote Command Execution
RedTeam has identified two security flaws in PAJAX 'PAJAX Remote Command Execution', 'Description' = %q RedTeam has identified two security flaws in PAJAX 'Matteo Cantoni ', 'hdm' , 'License' = MSFLICENSE, 'References' = 'CVE', '2006-1551', 'OSVDB', '24618', 'BID', '17519', 'URL',...
OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 - 'webfind.exe' Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/1487/info O'Reilly WebSite Professional is a web server package distributed by O'Reilly & Associates. Certain versions of this web server (the entire 2.X version line) ship with a utility containing a remotely exploitable buffer overflow. The utility in...
OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 - 'webfind.exe' Remote Buffer Overflow
OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 - 'webfind.exe' Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1487/info O'Reilly WebSite Professional is a web server package distributed by O'Reilly & Associates. Certain versions of this web server (the entire 2.X version...
access.counter-4.0.7.txt
The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privilege as the web server. Of course, other exploits can be used to get root access on an unpatched OS. The counter...
Hole in the counterfiglet web counter
Calling system with user input that is not checked for shell metacharacters allows any application to be executed on the server, for example http://web-server/cgi-bin/counterfiglet/nc/f=;echo;w;uname20-a;id...