[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 429 Download | Alert*

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.

An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay.

An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay.

JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.

wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image.

The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter.

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

BullGuard Safe Browsing 18.1.355 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   42

© SecPod Technologies