4558 matches found
PHPRAP Server-Side Request Forgery Vulnerability
PHPRAP is a lightweight open source API interface document management system written in PHP. A server-side request forgery vulnerability exists in the application/home/controller/debug.php file in PHPRAP versions 1.0.4 through 1.0.8. This vulnerability can be exploited to perform server-side request forger...
Apache Ambari Path Traversal Vulnerability
Apache Ambari is a set of tools for configuring, managing and monitoring Apache Hadoop clusters from the Apache Software Foundation, USA. The tool supports visualization and analysis of job and task execution, system alerts, and more. A directory traversal vulnerability exists ...
Apache Derby External Control Input Vulnerability
Apache Derby is an open source database management system developed by the Apache Software Foundation in the United States. A security vulnerability exists in Apache Derby versions 10.3.1.4 through 10.14.1.0, which is caused by the program failing to properly validate incoming network packets....
Flexense DiskBoss Enterprise Cross-Site Scripting Vulnerability
Flexense DiskBoss Enterprise is a rules-based automated data analysis and file management solution from Flexense Canada. The solution supports performing disk space analysis, file classification, file search, file synchronization and data migration. A cross-site scripting vulnerability exists in...
Flexense VX Search Enterprise Cross-Site Scripting Vulnerability
Flexense VX Search Enterprise is an automated rules-based document search solution from Flexense Canada. A cross-site scripting vulnerability exists in Flexense VX Search Enterprise versions 10.1.12 through 10.7. A remote attacker could exploit the vulnerability to execute code that could obtain...
CVE-2017-6910
The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise...
Cybozu Garoon Browsing Restriction Bypass Vulnerability
Cybozu Garoon is office software available in Chinese, Japanese, and English. A browsing restriction bypass vulnerability exists in the application "Space" in Cybozu Garoon 4.0.0 through 4.6.0. The vulnerability can be exploited by users who can log in to the product to view the closed...
GitLab Cross-Site Scripting Vulnerability (CNVD-2018-08691)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A cross-site scripting vulnerability exists in GitLab CE and EE 8.4 - 10.4. The vulnerability is...
DEBIAN-CVE-2018-9273
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak...
DEBIAN-CVE-2018-9267
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak...
DEBIAN-CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
UBUNTU-CVE-2018-9271
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak...
UBUNTU-CVE-2018-9258
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources...
ALPINE-CVE-2018-9258
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources...
Wireshark Kerberos Parser Denial of Service Vulnerability
Wireshark (formerly Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The software intercepts network packets and displays detailed data for analysis. The Kerberos dissector is its parser for the Kerberos network authentication protocol. A...
Apache HTTPD Remote Security Bypass Vulnerability
Apache httpd is an open source HTTP server developed and maintained specifically for modern operating systems by the Apache Software Foundation in the U.S. A security vulnerability exists in Apache httpd versions 2.4.0 through 2.4.29. An attacker can exploit this vulnerability by sending a special...
Apache httpd mod_auth_digest module remote security bypass vulnerability
Apache httpd is an open source HTTP server developed and maintained for modern operating systems by the Apache Software Foundation in the United States. The mod_auth_digest module is one of its HTTP cache filter modules. A security vulnerability exists in the mod_auth_digest module in Apache httpd versions...
UBUNTU-CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its...
Pivotal Grails Resources Plugin Path Traversal Vulnerability
Pivotal Grails is an open source framework from the U.S. company Pivotal Software, based on the Groovy programming language, for rapid development of web applications. The Resources Plugin is one of its HTML resource management plugins. A directory traversal vulnerability exists in Pivotal Grails Resources...
Haxx curl heap buffer overflow vulnerability
Haxx curl is a set of file transfer tools from the Swedish company Haxx that work on the command line using URL syntax. The tool supports file uploads and downloads, and includes libcurl, a client-side URL transfer library for program development. A heap buffer overflow vulnerability exists in the...