[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252097

 
 

909

 
 

196747

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 250907 Download | Alert*

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers.

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.

The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementations which allow local attackers to escalate privileges.

The Chartkick gem through 3.1.0 for Ruby allows XSS.

SiteVision 4 allows Remote Code Execution.

SiteVision 4 has Incorrect Access Control.

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).


Pages:      Start    9554    9555    9556    9557    9558    9559    9560    9561    9562    9563    9564    9565    9566    9567    ..   25090

© SecPod Technologies