Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in...

Code injection

actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...

Code injection

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

Authentication flaw

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887...

Code injection

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

Sql injection

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

Sql injection

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use...

Cross site scripting

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...

Cross site scripting

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formtaghelper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the selecttag helper...

Code injection

Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products...

Cross site scripting

Cross-site scripting XSS vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different...

Authentication flaw

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417...

Sql injection

SQL injection vulnerability in ogpshow.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...

Session fixation

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

Heap overflow

The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

Command injection

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

Design/Logic Flaw

The glob implementation in the GNU C Library aka glibc or libc6 allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a differen...

Null pointer dereference

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ZIP archive...

Design/Logic Flaw

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing SMP, does not use the Current Privilege Level CPL and I/O Privilege Level IOPL to restrict instruction execution, which allows guest OS users to cause a denial of service guest OS crash or gain privileges on the...

Buffer overflow

The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to area.php; the 2 pagina, 3 sentido, 4 qregistros, and 5 orden parameters to area.php; 6 the qregistros parameter to solicdisplay.php; 7 the...

Design/Logic Flaw

The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service infinite loop and system hang via a 1 SMBv1 or 2 SMBv2 response packet that contains a an incorrect length value in a NetBIOS heade...

Unrestricted file upload

Unrestricted file upload vulnerability in imageupload.php in the SimpleBoard comsimpleboard component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direc...

Design/Logic Flaw

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...

Code injection

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly...

Code injection

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

Code injection

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER...

Race condition

Race condition in the doaddcounters function in netfilter for Linux kernel 2.6.16 allows local users with CAPNETADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...

Cross site scripting

Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...

Open redirect

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...

Code injection

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

Command injection

SOY CMS is an open source CMS content management system that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the executi...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmbdesc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smcrun nginx smcrun wrk -t 16 -c 1000 -d -H 'Connection...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "isvalidringptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned...

Design/Logic Flaw

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Design/Logic Flaw

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

Buffer overflow

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input, and possibly remote code execution...

Open redirect

Inadequate parsing of URLs could result into an open redirect...

Information disclosure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2...

Input validation

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...

Design/Logic Flaw

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

Default credentials

Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and...

Design/Logic Flaw

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

Security feature bypass

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability...

Design/Logic Flaw

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file...

Heap overflow

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Buffer overflow

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

Privilege escalation

Windows Telephony Server Elevation of Privilege Vulnerability...