Recent vulnerabilities and exploits

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the...

Adive Framework 2.0.8 has admin/user/add userName XSS....

Adive Framework 2.0.8 has admin/user/add userUsername XSS....

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password....

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any...

1 Github repository available

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network....

Ruby-lang Ruby Debian Debian Linux1 Github repository available

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission....

Jenkins1 Github repository available

sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call....

Wizardmac Readstat2 Github repositories available

tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h....

Tinyexr Project Tinyexr2 Github repositories available

tinyexr 0.9.5 has a segmentation fault in the wav2Decode function....

Tinyexr Project Tinyexr2 Github repositories available

« PREV 1 2 3 4 5 6 7 8 NEXT »