In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator. Date published...
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator. Date published...
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. Date published : 2022-05-24 https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/ https://github.com/radareorg/radare2/issues/19476
There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service,...
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. Date published : 2022-05-24 https://github.com/siteserver/cms https://github.com/siteserver/cms/issues/3238
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. Date published : 2022-05-24 https://github.com/siteserver/cms https://github.com/siteserver/cms/issues/3237
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. Date published : 2022-05-24 https://github.com/siteserver/cms https://github.com/siteserver/cms/issues/3236
A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. Date published : 2022-05-24...
A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. Date published : 2022-05-24...
A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. Date published : 2022-05-24...
A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensitive data without...
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to...
GJSON
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is...