9593 matches found

Github Security Blog
added 2019/02/18 11:56 p.m. · 38 views

Downloads Resources over HTTP in macaca-chromedriver-zxa

Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

CVSS 9.3 · AI score 5.5 · EPSS 0.00735
Exploits 0 · References 3 · Affected Software 1
OSV
added 2019/02/18 11:56 p.m. · 22 views

GHSA-3C87-R9F7-QFGQ Downloads Resources over HTTP in macaca-chromedriver-zxa

Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

CVSS 9.3 · AI score 8.1 · EPSS 0.00735
Exploits 0 · References 3
BDU FSTEC
added 2019/02/07 12:0 a.m. · 2 views

The vulnerability of the Microsoft Team Foundation Server project management and version control system, related to errors in the data protection mechanism, allows a hacker to disclose protected information.

The vulnerability of the Microsoft Team Foundation Server project management and version control system is related to errors in processing protected variables. Exploiting this vulnerability can allow an attacker, operating remotely, to expose protected information by creating a task that contains...

CVSS 6.8 · AI score 6.5 · EPSS 0.13582
Exploits 0 · References 3
EUVD
added 2019/02/06 7:0 p.m. · 2 views

EUVD-2019-13103

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVSS 9.8 · AI score 9.4 · EPSS 0.0564
Exploits 4 · References 12
OSV
added 2019/02/04 7:29 p.m. · 0 views

UBUNTU-CVE-2019-7329

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...

CVSS 6.1 · AI score 7 · EPSS 0.0024
Exploits 1 · References 4
Positive Technologies
added 2019/02/04 12:0 a.m. · 3 views

PT-2019-18534 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4. Description: A Reflected Cross Site Scripting (XSS) issue exists due to the insecure use of $_SERVER['PHP_SELF'] in the form action on multiple views. This mishandles arbitrary input appended to the webroot URL...

CVSS 9.8 · AI score 6.4 · EPSS 0.78761
Exploits 46 · References 111
Positive Technologies
added 2019/02/04 12:0 a.m. · 4 views

PT-2019-18530 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4. Description: A Reflected Cross Site Scripting (XSS) issue exists due to insecure utilization of the $_REQUEST['PHP_SELF'] variable in multiple views under web/skins/classic/views, without proper filtration...

CVSS 9.8 · AI score 6.4 · EPSS 0.78761
Exploits 46 · References 111
0day.today
added 2019/01/30 12:0 a.m. · 35 views

iOS / macOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure

macOS 10.13.4 introduced the file bsd/net/if_ports_used.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the code of the latter function: extern "C" bool IOPMCopySleepWakeUUIDKey(char *buffer, size_t...

CVSS 5.5 · AI score 0.2 · EPSS 0.04785
Exploits 2
Veracode
added 2019/01/17 7:30 a.m. · 7 views

Cross-Site Scripting (XSS)

bootstrap-vue is vulnerable to cross-site scripting XSS. The option variable is not validated and sanitized, which would allow a remote attacker to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

AI score 6.2
Exploits 0
Veracode
added 2019/01/15 9:12 a.m. · 23 views

Open Redirection

php is vulnerable to open redirection. It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...

CVSS 8.1 · AI score 7.9 · EPSS 0.8349
Exploits 0 · References 36 · Affected Software 4
Veracode
added 2019/01/15 8:59 a.m. · 27 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to...

CVSS 7.5 · AI score 8.6 · EPSS 0.21511
Exploits 4 · References 29 · Affected Software 1
Veracode
added 2019/01/15 8:59 a.m. · 25 views

Directory Traversal

glibc is vulnerable to directory traversal attacks. The vulnerability exists through multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a...

CVSS 6.8 · AI score 7.9 · EPSS 0.00782
Exploits 0 · References 12 · Affected Software 1
Veracode
added 2019/01/15 8:57 a.m. · 25 views

Arbitrary Code Execution

dbus is vulnerable to arbitrary code execution attacks. The vulnerability exists as libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS...

CVSS 6.9 · AI score 6.5 · EPSS 0.30837
Exploits 4 · References 27 · Affected Software 1
Veracode
added 2019/01/15 8:55 a.m. · 22 views

Arbitrary XML Injection

swift is vulnerable to arbitrary XML injection attacks. The vulnerability exists due to the lack of user input sanitization of the account variable which is directly used in forming a XML to be parsed, allowing arbitrary XML injection attacks...

CVSS 7.5 · AI score 6.5 · EPSS 0.00329
Exploits 0 · References 8 · Affected Software 1
Veracode
added 2019/01/15 8:53 a.m. · 21 views

Cross-site Scripting (XSS)

pki-tps is vulnerable to cross-site scripting. A lack of input validation and sanitization allows a remote attacker to inject arbitrary Javascript into a victim's browser via the PATH_INFO variable to steal session tokens or perform unwanted actions on behalf of the user...

CVSS 4.3 · AI score 5.9 · EPSS 0.00238
Exploits 0 · References 8 · Affected Software 1
Kitploit
added 2019/01/13 12:10 p.m. · 177 views

Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support

Easily turn single threaded command line applications into fast, multi threaded application with CIDR and glob support. Setup Install using: $ python3 setup.py install Dependencies will then be installed and Interlace will be added to your path as interlace. Usage Argument | Description ---|--- -...

AI score 7.3
Exploits 0 · References 2
Vulnrichment
added 2018/12/31 8:0 p.m. · 5 views

CVE-2018-6334

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...

AI score 9.4 · EPSS 0.0063
Exploits 0 · References 2
Prion
added 2018/12/31 7:29 p.m. · 15 views

Design/Logic Flaw

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...

CVSS 7.5 · AI score 9.3 · EPSS 0.0063
Exploits 0 · References 2 · Affected Software 1
OSV
added 2018/12/31 7:29 p.m. · 18 views

CVE-2018-6334

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 2
Node.js
added 2018/12/26 1:54 p.m. · 10 views

Undefined Behavior

Overview All versions of sailsjs-cacheman have a vulnerability that may lead to Undefined Behavior. The config variable is exposing to the global scope which may overwrite other variables and cause the application to misbehave. Recommendation No fix is currently available. Consider using an...

AI score 6.8
Exploits 0 · Affected Software 1