304 matches found
PT-2022-11456
Name of the Vulnerable Software and Affected Versions Sourcecodester Banking System version 1 Description The issue allows attackers to execute arbitrary SQL commands via the username or password field, potentially leading to unauthorized access or data manipulation. Recommendations For...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.52-alt1
1:2.4.52-alt1 built Dec. 27, 2021 Anton Farygin in task 292417 Dec. 21, 2021 Anton Farygin - 2.4.52 Fixes: CVE-2021-44790, CVE-2021-44224...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.51-alt1
1:2.4.51-alt1 built Oct. 11, 2021 Anton Farygin in task 286598 Oct. 10, 2021 Anton Farygin - 2.4.51 Fixes: CVE-2021-42013...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.50-alt1
Oct. 7, 2021 Anton Farygin 1:2.4.50-alt1 - 2.4.50 Fixes: CVE-2021-41773, CVE-2021-41524...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0...
CVE-2021-28233
Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the okjpggeneratehuffmantable function in okjpg.c...
Security fix for the ALT Linux 9 package systemd version 1:246.16-alt1
1:246.16-alt1 built Aug. 20, 2021 Alexey Shabalin in task 283283 Aug. 18, 2021 Alexey Shabalin - 246.16 Fixes CVE-2020-13529 - Package /lib/systemd/system-shutdown and /lib/systemd/system-sleep dirs ALT 39349. - Delete resovconfopenresolv settings before add ALT 33589...
Apache ServiceComb Service-Center 路径遍历漏洞
Apache ServiceComb Service-Center is a Restful-based service registry from the Apache Foundation that provides microservice discovery and microservice management. Apache ServiceComb Service-Center is vulnerable to a path traversal vulnerability in version 1.x.x. The vulnerability stems from A...
Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass
Exploit Title: Customer Relationship Management System CRM 1.0 - Sql Injection Authentication Bypass Date: 27/07/2021 Exploit Author: ShafiqueWasta Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
💥 BUG xss via groupname 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-invoice2/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in group-name....
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...
Debian DLA-2683-1 : rxvt security update
rxvt, VT102 terminal emulator for the X Window System, allowed potentially remote code execution because of improper handling of certain escape sequences ESC G Q. For Debian 9 stretch, this problem has been fixed in version 1:2.7.10-7+deb9u2. We recommend that you upgrade your rxvt packages. For...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in version 1.x prior to TYPO3 1.3.3, which stems from insufficient innocuous handling of user-supplied data, and can be exploited by attackers to condu...
Debian DLA-2622-1 : python-django security update
It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted filenames. However, the upload handlers built into Django itself were not affected. For Debian 9 'Stretch'...
[SECURITY] [DSA 4889-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4889-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2021 https://www.debian.org/security/faq -...
VIGRA 安全漏洞
Hans Meine vigra is a Hans Meine open source application. It is a computer vision library. A security vulnerability exists in VIGRA Computer Vision Library Version-1-11-1, which stems from the inclusion of a segmentation error in impex, a crafted file that can lead to a denial of service...
Debian DSA-4885-1 : netty - security update
Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Integer overflow
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request...
CVE-2021-21331
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
Debian DLA-2578-1 : thunderbird security update
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For Debian 9 stretch, these problems have been fixed in version 1:78.8.0-1deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed...