Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. Date published : 2020-02-06 http://jvn.jp/en/jp/JVN36765384/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000056.html
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control...
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. Date published : 2020-02-06 https://packetstormsecurity.com/files/118854/Netgear-WGR614-Credential-Information.html https://vuldb.com/?id.7180
A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service. Date published : 2020-02-06 http://www.openwall.com/lists/oss-security/2012/12/10/5
A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code Date published : 2020-02-06 http://www.openwall.com/lists/oss-security/2012/12/10/4 https://www.exploit-db.com/exploits/21739/
A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. Date published : 2020-02-06 http://www.openwall.com/lists/oss-security/2012/12/10/3 https://marc.info/?l=oss-security&m=135516610818927&w=2
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. Date published : 2020-02-06...
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. Date published : 2020-02-06...
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as...
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted...
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the...
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the ‘pathes’ parameter in ‘categories.php’. Date published : 2020-02-06 http://www.securityfocus.com/bid/60511 https://exchange.xforce.ibmcloud.com/vulnerabilities/84928
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. Date published : 2020-02-06 http://www.securityfocus.com/bid/61151 http://www.exploit-db.com/exploits/28484
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the ‘dir’ command or issue other commands without authenticating. Date published...