ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable. Date published : 2018-02-07 https://github.com/cn-uofbasel/ccn-lite/issues/130 https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format...
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow. Date published : 2018-02-07 https://github.com/cn-uofbasel/ccn-lite/issues/128 https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face...
Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an ’email:"attacker@example.com"’ request, which...
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root. Date published : 2018-02-07 https://github.com/VerSprite/research/blob/master/advisories/VS-2018-001.md
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root. Date published : 2018-02-07 https://github.com/VerSprite/research/blob/master/advisories/VS-2018-002.md
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript...
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel...
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. Date published : 2018-02-07 https://exploit-db.com/exploits/43989/
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. Date published : 2018-02-07 https://exploit-db.com/exploits/43990/
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then...
PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. Date published : 2018-02-07 https://exploit-db.com/exploits/43988/
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. Date published : 2018-02-07 http://dfdrconsulting.com/cve-2018-6603-promise-technology-webpam-pro-e-http-response-header-injection-xss/