Websieve Cross-Site Scripting Vulnerability

websieve is a web-based email server management program. A cross-site scripting vulnerability exists in websieve version v0.62, which stems from the lack of proper validation of client-side data by the WEB application and can be exploited by an attacker to execute client-side code...

Poppler Buffer Overflow Vulnerability (CNVD-2018-14229)

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A buffer overflow vulnerability exists in Poppler 0.62 and earlier versions, which stems from incorrect memory access not mapped in memory space. An attacker could exploit this vulnerability to corru...

WordPress Plugin wpSS - 'ss_handler.php' SQL Injection

source: https://www.securityfocus.com/bid/69089/info The WordPress Spreadsheet plugin wpSS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application,...

PuTTY Password Local Information Disclosure

The remote host has an installation of PuTTY between 0.59 and 0.61, inclusive. Such versions are known to contain an information disclosure issue, where PuTTY neglects to wipe passwords from memory that it no longer requires. Note that to exploit this vulnerability, a malicious, local process mus...

Vulnerability in rinetd

Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the server maintains 64 connections and the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of...