report project report vulnerabilities and exploits

(subscribe to this query)

8.6

CVSSv3

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications...

Express Handlebars Project Express Handlebars

9.8

CVSSv3

A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report H...

Student Study Center Desk Management System Project Student Study Center Desk Management System 1.0

2.6

CVSSv3

django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration before 3.1.2, the base user-account registration view did not properl...

Django-registration Project Django-registration

NA

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or p...

Redhat Enterprise Linux 6.0 Fedora Project Fedora Release Rawhide -

8.8

CVSSv3

The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineer...

Csrf Magic Project Csrf Magic

NA

httplib2 0.7.2, 0.8, and previous versions, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users ...

Canonical Ubuntu Linux 13.04 Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Httplib2 Project Httplib2 Httplib2 Project Httplib2 0.8

7

CVSSv3

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function...

Procps-ng Project Procps-ng Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 17.10 Debian Debian Linux 7.0 Debian Debian Linux 8.0 Debian Debian Linux 9.0

1 EDB exploit

NA

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) prior to 1.6.18 allows remote malicious users to execute arbitrary code via a UDP p...

1 EDB exploit1 Github repository

4.7

CVSSv3

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script...

Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 19.10 Canonical Ubuntu Linux 16.04 Apport Project Apport -

NA

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) prior to 1.6.18 allows remote malicious users to execute arbitrary code via a long ...

Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.11 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.10 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.2 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.1 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.2 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.1 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.15 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.14 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.6 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.5 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.6 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.5 Portable Sdk For Upnp Project Portable Sdk For Upnp Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.16 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.9 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.8 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.7 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.0 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.7 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.0 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.13 Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.12

1 EDB exploit2 Github repositories

Get Started

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook