14 matches found
CVE-2020-18451
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
Code injection
The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
Design/Logic Flaw
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...
GSD-2022-1006699 KVM: arm64: vgic: Fix exit condition in scan_its_table()
KVM: arm64: vgic: Fix exit condition in scan_its_table() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit...
GSD-2022-1006693 i40e: Fix DMA mappings leak
i40e: Fix DMA mappings leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit 5f499596dfa3db9b3172645b6de9e1096a669c95, it was...
GSD-2022-1006689 ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed
ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit...
GSD-2022-1006688 cifs: Fix xid leak in cifs_create()
cifs: Fix xid leak in cifs_create() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit 92aa09c86ef297976a3c27c6574c0839418dc2c4, it w...
GSD-2022-1006674 iommu/vt-d: Clean up si_domain in the init_dmars() error path
iommu/vt-d: Clean up si_domain in the init_dmars() error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit...
GSD-2022-1006669 mm: /proc/pid/smaps_rollup: fix no vma's null-deref
mm: /proc/pid/smaps_rollup: fix no vma's null-deref This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit...
CVE-2021-22959
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp v2.1.4 and v6.0.6...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
CVE-2020-18451
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
VirtualDJ Trial v6.0.6 "New Year Edition" m3u Exploit (0day)
Exploit for unknown platform in category dos / poc. Title: VirtualDJ Trial v6.0.6 "New Year Edition" m3u Exploit (0day)...