[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252271

 
 

909

 
 

196835

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 251081 Download | Alert*

Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta

Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2

Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update.

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.

proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.


Pages:      Start    10086    10087    10088    10089    10090    10091    10092    10093    10094    10095    10096    10097    10098    10099    ..   25108

© SecPod Technologies