cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Date published : 2019-03-20 https://www.exploit-db.com/exploits/46751/ http://packetstormsecurity.com/files/152625/JioFi-4G-M2S-1.0.2-Cross-Site-Scripting.html
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. Date published : 2019-03-20 https://gkaim.com/cve-2019-7437-vikas-chaudhary/
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. Date published : 2019-03-20 https://gkaim.com/cve-2019-7436-vikas-chaudhary/
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. Date published : 2019-03-20 https://gkaim.com/cve-2019-7435-vikas-chaudhary/
PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. Date published : 2019-03-20 https://gkaim.com/cve-2019-7434-vikas-chaudhary/
PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. Date published : 2019-03-20 https://gkaim.com/cve-2019-7433-vikas-chaudhary/
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. Date published : 2019-03-20 https://gkaim.com/cve-2019-7432-vikas-chaudhary/
PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. Date published : 2019-03-20 https://gkaim.com/cve-2019-7431-vikas-chaudhary/
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. Date published : 2019-03-20 https://gkaim.com/cve-2019-7430-vikas-chaudhary/
PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. Date published : 2019-03-20 https://gkaim.com/cve-2019-7429-vikas-chaudhary/
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH...
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of...
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw...
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo...