EUVD-2018-1078

Malware in sbrugna...

K15653: Multiple PHP vulnerabilities

Security Advisory Description Description Following are descriptions of various PHP gdImageCrop vulnerabilities: CVE-2013-7226 Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service application crash or possibly...

AZL-10317 CVE-2022-2476 affecting package wavpack for versions less than 5.6.0-1

A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 pc 0x561b47a970c6 bp 0x7fff13952fb0 sp...

Askey AP4000W Code Execution Vulnerability

The Askey AP4000W is an AP device from Askey Computer. A security vulnerability exists in the Askey AP4000W TDCV1.01.003 release. The vulnerability stems from a failure of a network system or product to properly filter special elements of externally input data during the construction of a code...

CVE-2019-1904 Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based UI web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

CVE-2018-0150

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due...

CVE-2017-12225

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

Palo Alto PAN-OS Unauthenticated Buffer Overflow (PAN-SA-2016-0005) - Active Check

When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where an improper handling of a buffer involved in the processing of SSL VPN requests can result in device crash and possible remote code execution RCE. SPDX-FileCopyrightText: 2016 Greenbone AG Some text...

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4

SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...