362 matches found
MP4v2 Denial of Service Vulnerability
MP4v2 is an open source library written in C++ for handling MP4 containers. A security vulnerability exists in the MP4Atom class of the mp4atom.cpp file in MP4v2 2.0.0 and earlier versions, which stems from the program's failure to properly handle Entry Number validation. A remote attacker can...
CCN-lite Integer Overflow Vulnerability
CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. An integer overflow vulnerability exists in the ndnparsesequence function in CCN-lite versions prior to 2.0.0. An attacker can exploit this vulnerability to cause an integer overflow via...
PT-2018-3409 · Dovecot +3 · Dovecot +3
Name of the Vulnerable Software and Affected Versions: dovecot versions 2.0 through 2.2.33 dovecot version 2.3.0 Description: A flaw in the SASL authentication process can cause a memory leak in dovecot's auth client, which is used by login processes. This issue can have significant impact in...
Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A cross-site request forgery vulnerability exists in Microsoft ASP.NET Core...
D-Link DIR-850L REV.A and REV.B Denial of Service Vulnerabilities
The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. The security vulnerability exists in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions, and firmware FW208WWb02 and prior versions. A remote attacker could exploit th...
Cisco Context Service SDK Remote Code Execution Vulnerability
Cisco Context Service SDK is the United States Cisco Cisco company's set of software development kit for Context Service. An arbitrary code execution vulnerability exists in the update process of the JAR file in version 2.0 of the Cisco Context Service SDK, which stems from the program failing to...
CVE-2017-9543
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm...
Juniper Networks NorthStar Controller Application Buffer Overflow Vulnerability (CNVD-2017-07222)
Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks, Inc. The controller optimizes service provider transport networks by establishing open industry standard protocols. A buffer overflow vulnerability exists in Juniper Networks NorthStar...
UBUNTU-CVE-2016-5598
Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python...
Wireshark CORBA IDL Dissector Remote Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A remote denial of service vulnerability exists in Wireshark versions 2.0.0 through 2.0....
Wireshark Denial of Service Vulnerability (CNVD-2016-01444)
Wireshark is the most popular network protocol parser. A denial-of-service vulnerability exists in Wireshark version 2.0.x prior to 2.0.2, which allows remote attackers to cause a denial of service via a crafted packet...
BSA-2016-001
Summary Security Advisory ID : BSA-2016-001 Component : Java Revision : 2.0 N/A...
IniNet Solutions SCADA Web Server Path Traversal Vulnerability
IniNet SCADA Web Server is a third-party web-based server software. Versions of SCADA Web Server prior to 2.02 fail to effectively filter certain elements within path names and are implemented with a path traversal vulnerability. An attacker can exploit this vulnerability to read arbitrary OS fil...
WordPress Plugin WonderPlugin Audio Player Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WonderPlugin Audio Player is one of the audio player plugin. WordPress WonderPlugin Audio Player plugin 2.0 and...
Vanilla Forums Cross-Site Scripting Vulnerability
Vanilla Forums is a Canadian company VanillaForums PHP-based open source forum program . A cross-site scripting vulnerability exists in Vanilla Forums versions 2.0.18.12 and 2.1.x prior to 2.1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
PT-2014-5437 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...
UBUNTU-CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors...
PT-2012-4689 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.x through 2.0.9 Moodle versions 2.1.x through 2.1.6 Moodle versions 2.2.x through 2.2.3 Moodle versions 2.3.x through 2.3.0 Description: A cross-site scripting XSS issue exists, allowing remote authenticated administrators...
PT-2011-4554 · Apache +3 · Apache Http Server +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.x through 2.0.64 Apache HTTP Server versions 2.2.x before 2.2.18 Description: The issue arises from the mod proxy module's improper interaction with RewriteRule and ProxyPassMatch pattern matches when configure...
PT-2008-5265 · Dic · Dic Shop V52 +1
Name of the Vulnerable Software and Affected Versions: DIC shop v50 versions 3.0 and earlier DIC shop v52 versions 2.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Recommendations: For DIC shop v5...