A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. Date published : 2018-05-16 https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. Date published : 2018-05-16 https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. Date published : 2018-05-16 https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. Date published : 2018-05-16 https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. Date published : 2018-05-16 https://chat.livezilla.net/ticket.php?id=93482&hash=DE9C7230EA79&salt=e98942058530ead9b4f481f4d54b1f17
Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via...
PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. Date published : 2018-05-16 http://seclists.org/fulldisclosure/2018/May/30
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Date published : 2018-05-16 https://www.seebug.org/vuldb/ssvid-97268
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. Date published : 2018-05-16 https://www.seebug.org/vuldb/ssvid-97267
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Date published : 2018-05-16 https://www.seebug.org/vuldb/ssvid-97266
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. Date published : 2018-05-16 https://www.seebug.org/vuldb/ssvid-97265
A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring....
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session...
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. Date published : 2018-05-16 https://www.exploit-db.com/exploits/44635/ https://neonsea.uk/blog/2018/04/15/pwn910nd.html