213680 matches found
Code injection
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service resource consumption via unspecified vectors...
Heap overflow
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Real Media file...
Stack overflow
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a FIG image with a crafted color definition...
Code injection
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...
Authentication flaw
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
Integer overflow
Integer overflow in the ftsbuild function in fts.c in libc in 1 OpenBSD 4.4 and earlier and 2 Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service application crash via a deep directory tree, related to the ftslevel structure member, as...
Buffer overflow
Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a...
Default credentials
The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Accept, 2 Accept-Language, 3 UA-CPU, 4 Accept-Encoding, 5 User-Agent, or 6 Cookie HTTP header. NOTE: the provenance of...
Buffer overflow
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via 1 the ProcessOldClientHello function in handshake.cpp or 2 "inputbuffer& operator" in yasslimp.cpp...
Integer overflow
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...
Path traversal
Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid 1 GBTBL parameter to a lang/codes-english.php or b image.php, which reveal the database name; 2 an invalid GBDB parameter to index.php, coupled with a ../index lang cookie, which reveals the installati...
Remote file inclusion
PHP remote file inclusion vulnerability in addpostnewpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 trial allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when registerglobals is enabled, allows remote attackers to include arbitrary files via the phpbbrootpath parameter...
Input validation
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the globrootDir parameter...
Cross site scripting
A cross-site scripting XSS vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
Sql injection
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...
Heap overflow
In sendHciCommand of bluetoothhci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
Design/Logic Flaw
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restorerecords function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...
Design/Logic Flaw
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
Design/Logic Flaw
It was discovered that the clsroute filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0...
Code injection
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
Cross site scripting
Reportico 7.1.21 is vulnerable to Cross Site Scripting XSS...
Cross site scripting
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
Cross site scripting
A Reflected Cross-Site Scripting XSS vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...
Design/Logic Flaw
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS...
Code injection
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
Design/Logic Flaw
An issue was discovered in Bezeq Vtech NB403-IL version BZ2.02.07.09.13.01 and Vtech IAD604-IL versions BZ2.02.07.09.13.01, BZ2.02.07.09.13T, and BZ2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service...
Remote code execution
Microsoft Word Remote Code Execution Vulnerability...
Design/Logic Flaw
Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
Design/Logic Flaw
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
Out-of-bounds
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Andrea Tarantini Menubar plugin = 5.8.2 versions...
Design/Logic Flaw
An issue was discovered in flsetgeneveopt in net/sched/clsflower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCAFLOWERKEYENCOPTSGENEVE packets. This may result in denial of service or privilege escalation...
Authentication flaw
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
Arbitrary file deletion
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...
Remote code execution
Internet Control Message Protocol ICMP Remote Code Execution Vulnerability...
Design/Logic Flaw
The Birthday attack against 64-bit block ciphers flaw CVE-2016-2183 was reported for the health checks port 9979 on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port...
Code injection
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...
Design/Logic Flaw
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
Design/Logic Flaw
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation until first reboot, or restart of RabbitMQ does not successfully limit the default ports which RabbitMQ opens; this...
Heap overflow
DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in printmac called from logpacket and dhcpreply. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...
Command injection
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...
Code injection
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...