A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Date published : 2017-07-28 http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html https://github.com/libming/libming/issues/71
A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Date published : 2017-07-28 http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in.html https://github.com/libming/libming/issues/76
A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Date published : 2017-07-28 http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in-parseswfdoaction.html https://github.com/libming/libming/issues/72
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able...
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able...
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation. Date published :...
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that...
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. Date published : 2017-07-28 https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. Date published : 2017-07-28 https://github.com/glpi-project/glpi/issues/2449 https://github.com/glpi-project/glpi/releases/tag/9.1.5
front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. Date published : 2017-07-28 https://github.com/glpi-project/glpi/issues/2450 https://github.com/glpi-project/glpi/releases/tag/9.1.5
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern...
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. Date published : 2017-07-27 http://www.securityfocus.com/bid/95076...
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITYSYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based...
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. Date published : 2017-07-27 Software...