This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must...
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must...
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution....
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. Date published : 2018-05-24 https://security.netapp.com/advisory/ntap-20180523-0002/
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c. Date published : 2018-05-24 https://github.com/jerryscript-project/jerryscript/issues/2230
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c. Date published : 2018-05-24 https://github.com/jerryscript-project/jerryscript/issues/2237
jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Date...
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. Date...
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admincontrollerAdminLog.php constructs a MySQL query improperly. Date published : 2018-05-24 https://github.com/yupoxiong/BearAdmin/issues/5
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration. Date published : 2018-05-24...
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a...
The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims’ balances into their account) because certain computations involving _value are...
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Date...
Kliqqi 2.0.2 has CSRF in admin/admin_users.php. Date published : 2018-05-24 https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/256