[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15134 Download | Alert*

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

The host is installed with curl 7.17.1 through 7.38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read. Successful exploitation allows remote web servers to read sensitive memory information.

The host is installed with curl before 7.38.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly handle IP addresses in cookie domain names. Successful exploitation allows remote attackers to set cookies for or send arbitrary cookies to certain sites.

The host is installed with Atlassian Confluence Server 4.x before 7.19.17, 8.4.0 before 8.4.5, 8.5.0 before 8.5.4 and is prone to a template injection vulnerability. A flaw is present in the application which fails to properly handle unspecified vectors. Successful exploitation allows an unauthenticated attacker to inject unsafe user input into a Confluence page.

The TCP implementation in Linux, platforms based on BSD Unix, Microsoft Windows, Cisco products, and probably other operating systems allows remote attackers to cause a denial of service via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manne ...

A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0.0 and before and including 2.14.1 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability.

The host is installed with Elasticsearch 5.x before 6.8.21, 7.x before 7.16.1 or Logstash 5.x before 6.8.21, 7.x before 7.16.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in Log4j library. Successful exploitation could allow attackers to cause information leakage or denial of service.

The host is installed with Elasticsearch 5.x before 6.8.21, 7.x before 7.16.1 or Logstash 5.x before 6.8.21, 7.x before 7.16.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in Log4j library. Successful exploitation could allow attackers to cause information leakage or denial of service.


Pages:      Start    632    633    634    635    636    637    638    639    640    641    642    643    644    645    ..   1513

© SecPod Technologies