bug library project bug library vulnerabilities and exploits

(subscribe to this query)

The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.0.3.

Bug Library Project Bug Library

An issue exists in setTA in scan_rr.go in the Miek Gieben DNS library prior to 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.

Dns Library Project Dns Library

An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.

Audio File Library Project Audio File Library 0.3.0 Audio File Library Project Audio File Library 0.3.1 Audio File Library Project Audio File Library 0.3.2 Audio File Library Project Audio File Library 0.3.3 Audio File Library Project Audio File Library 0.3.4 Audio File Library Project Audio File Library 0.3.5 Audio File Library Project Audio File Library 0.3.6 Canonical Ubuntu Linux 14.04

In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an malicious user to cause a denial of service via a crafted file.

Audio File Library Project Audio File Library 0.3.6 Debian Debian Linux 10.0

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an malicious user to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

Audio File Library Project Audio File Library 0.3.6 Canonical Ubuntu Linux 14.04

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent malicious users to obtain sensitive information or cause a denial of service (crash), ...

Pcre Perl-compatible Regular Expression Library 7.0 Pcre Perl-compatible Regular Expression Library Pcre Perl-compatible Regular Expression Library 7.1 Apple Mac Os X Server 10.4.11 Apple Mac Os X 10.4.11

This affects versions of the package http-cache-semantics prior to 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Http-cache-semantics Project Http-cache-semantics

1 Github repository

vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@speci...

Vm2 Project Vm2

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing the...

Uri.js Project Uri.js

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.

Saml Project Saml

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook