GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in method: notifySpaceModification; that can result in...
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their...
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted...
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute...
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted...
TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &’static str," in the file process.rs that can result in...
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack...
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user...
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability...
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed...
Pidgin version
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server’s private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and...
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server’s private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and...
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. Date published : 2018-09-05 https://github.com/MicroPyramid/Django-CRM/issues/68