92 matches found

CNNVD
added 2023/12/29 12:0 a.m. | 1 views

Sven gopeak masterlab code issue vulnerability

Sven gopeak masterlab is an open source application from Sven that provides simple, efficient project management tools based on agile development. A code issue vulnerability exists in Sven gopeak masterlab version 3.3.10 and earlier; the vulnerability stems from app/ctrl/User.php...

9.8 CVSS | 6.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 4

OSV
added 2023/11/28 8:15 p.m. | 18 views

CVE-2023-30588

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API, an unexpected termination occurs, making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key inf...

5.3 CVSS | 5 AI score
Exploits: 0 | References: 3

Positive Technologies
added 2023/04/20 12:0 a.m. | 1 views

PT-2023-9258

Name of the Vulnerable Software and Affected Versions: Gogs versions through 0.13.0. Description: The issue is related to argument injection during the previewing of changes, which can allow a remote attacker to execute arbitrary commands. Unprivileged user accounts can write to arbitrary files on t...

9.9 CVSS | 6.4 AI score | 0.03233 EPSS
Exploits: 1 | References: 26

F5 Networks
added 2023/02/21 6:48 p.m. | 38 views

K27228191: Node.js vulnerability CVE-2018-7159

Security Advisory Description: The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as "Content-Length: 1 2" to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the...

5.3 CVSS | 7.6 AI score | 0.00902 EPSS
Exploits: 0

CNNVD
added 2023/02/21 12:0 a.m. | 2 views

znfit Home improvement ERP management system SQL injection vulnerability

znfit Home improvement ERP management system is a home ERP management system from znfit Shanghai, China. A security vulnerability exists in znfit Home improvement ERP management system version V5020220207, v42. An attacker can exploit the vulnerability to execute arbitrary SQL commands via the...

9.8 CVSS | 9 AI score | 0.0025 EPSS
Exploits: 1 | References: 2

NVD
added 2022/11/03 2:15 p.m. | 11 views

CVE-2022-39382

Keystone is a headless CMS for Node.js, built with GraphQL and React. @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...

9.8 CVSS | 0.02127 EPSS
Exploits: 1 | References: 3

Prion
added 2022/11/03 2:15 p.m. | 12 views

Design/Logic Flaw

Keystone is a headless CMS for Node.js, built with GraphQL and React. @keystone-6/email protected || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what you...

7.5 CVSS | 9.6 AI score | 0.02127 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2022/06/30 12:0 a.m. | 1 views

MyAdmin security vulnerability

MyAdmin is a backend management system for cdfan personal developers. A security vulnerability exists in MyAdmin v1.0, which stems from an incorrect access control vulnerability when viewing the Personal Center in /api/user/userData?userCode=admin...

4.9 CVSS | 5.3 AI score | 0.00275 EPSS
Exploits: 1 | References: 2

CNNVD
added 2022/03/31 12:0 a.m. | 1 views

Rockwell Automation Logix Controllers security vulnerability

Rockwell Automation Logix Controllers is a high-performance control platform from Rockwell Automation. Use this single platform to perform sequence, process, drive, or motion control in any combination. A security vulnerability exists in Rockwell Automation Logix Controllers that originates from...

10 CVSS | 8.7 AI score | 0.00114 EPSS
Exploits: 0 | References: 4

0day.today
added 2022/02/21 12:0 a.m. | 206 views

HMA VPN 5.3 - Unquoted Service Path Vulnerability

Exploit Title: HMA VPN 5.3 - Unquoted Service Path; Exploit Author: Saud Alenazi; Vendor Homepage: https://www.hidemyass.com/; Software Link: https://www.hidemyass.com/en-us/downloads; Version: 5.3.5913.0; Tested: Windows 10 Pro x64 es; C:\Users\saudhsc qc HmaProVpn SC QueryServiceConfig SUCCESS...

7.4 AI score
Exploits: 0

OSV
added 2021/11/30 10:15 a.m. | 9 views

CVE-2021-3726

Vulnerability in title function. Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 1

Prion
added 2021/11/30 10:15 a.m. | 7 views

Format string

Vulnerability in title function. Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...

7.5 CVSS | 9.2 AI score | 0.00444 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/11/30 9:30 a.m. | 30 views

CVE-2021-3726

This CVE affects Oh My Zsh: the vulnerable component is the title function in lib/termsupport.zsh, which uses print to set the terminal title from a user-supplied string. The root cause is unsafe handling of a user-provided value within this function, potentially enabling a vulnerability through ...

9.8 CVSS | 8.7 AI score | 0.00444 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NCSC
added 2021/11/02 12:0 a.m. | 8 views

Vulnerabilities fixed in Wind River Linux

Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; Administrator/Root rights; Remote...

10 CVSS | 7.4 AI score | 0.87 EPSS
Exploits: 93

Packet Storm
added 2021/10/25 12:0 a.m. | 357 views

Netgear Genie 2.4.64 Unquoted Service Path

Exploit Title: Netgear Genie 2.4.64 - Unquoted Service Path; Exploit Author: Mert DAŞ; Version: 2.4.64; Date: 23.10.2021; Vendor Homepage: https://www.netgear.com/; Tested on: Windows 10; C:\Users\Mertsc qc NETGEARGenieDaemon SC QueryServiceConfig SUCCESS SERVICENAME: NETGEARGenieDaemon TYPE : 10...

0.5 AI score
Exploits: 0

Microsoft KB
added 2021/08/10 7:0 a.m. | 57 views

Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000)

Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000). Summary: This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see the Microsoft Common Vulnerabilities and Exposures CVE-2021-36940. Note: ...

7.6 CVSS | 7.6 AI score | 0.02428 EPSS
Exploits: 0

CNVD
added 2021/04/21 12:0 a.m. | 5 views

Eaton Intelligent Power Manager Eval Injection Vulnerability

Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...

10 CVSS | 7.3 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

CNVD
added 2021/02/01 12:0 a.m. | 9 views

Linux kernel use-after-free vulnerability (CNVD-2021-14804)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A kernel stack use-after-free vulnerability exists in PI futex in Linux kernel 5.10.11 and earlier versions duri...

7.8 CVSS | 7.5 AI score | 0.002 EPSS
Exploits: 1 | References: 1

Prion
added 2020/12/23 4:15 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST parameter in user-code-redemption.php, the ulgmuserfirst POST parameter in...

4.3 CVSS | 6 AI score | 0.00347 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2020/10/30 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2020-2272)

The remote host is missing an update for the Huawei EulerOS...

9.3 CVSS | 6.9 AI score | 0.17694 EPSS
Exploits: 0 | References: 2