๐จ CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
๐@cveNotify
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2020-24914
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
๐@cveNotify
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2020-21884
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
๐@cveNotify
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
๐@cveNotify
๐จ CVE-2020-24285
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
๐@cveNotify
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
๐@cveNotify
GitHub
CVE/telefone_ip_tip200.md at main ยท SecLoop/CVE
Contribute to SecLoop/CVE development by creating an account on GitHub.
๐จ CVE-2020-21813
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.
๐@cveNotify
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #182 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG $PoC 1.NULL pointer dereference in htmlescape ../../programs/escape.c:29 POC: https://githu...
๐จ CVE-2020-21814
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
๐@cveNotify
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #182 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG $PoC 1.NULL pointer dereference in htmlescape ../../programs/escape.c:29 POC: https://githu...
๐จ CVE-2020-21815
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).
๐@cveNotify
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #182 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG $PoC 1.NULL pointer dereference in htmlescape ../../programs/escape.c:29 POC: https://githu...
๐จ CVE-2020-21816
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
๐@cveNotify
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #182 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG $PoC 1.NULL pointer dereference in htmlescape ../../programs/escape.c:29 POC: https://githu...
๐จ CVE-2020-21817
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).
๐@cveNotify
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #182 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG $PoC 1.NULL pointer dereference in htmlescape ../../programs/escape.c:29 POC: https://githu...
๐จ CVE-2020-21818
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
๐@cveNotify
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #182 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG $PoC 1.NULL pointer dereference in htmlescape ../../programs/escape.c:29 POC: https://githu...
๐จ CVE-2020-21819
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.
๐@cveNotify
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #182 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwg2SVG $PoC 1.NULL pointer dereference in htmlescape ../../programs/escape.c:29 POC: https://githu...
๐จ CVE-2020-21827
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
๐@cveNotify
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
๐@cveNotify
cwe.mitre.org
CWE -
CWE-122: Heap-based Buffer Overflow (4.20)
CWE-122: Heap-based Buffer Overflow (4.20)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
๐จ CVE-2020-21830
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
๐@cveNotify
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
๐จ CVE-2020-21832
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
๐@cveNotify
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
๐จ CVE-2020-21833
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
๐@cveNotify
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
๐จ CVE-2020-21834
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
๐@cveNotify
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
๐จ CVE-2020-21835
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.
๐@cveNotify
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
๐จ CVE-2020-21836
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
๐@cveNotify
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
๐จ CVE-2020-21838
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
๐@cveNotify
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...
๐จ CVE-2020-21839
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.
๐@cveNotify
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.
๐@cveNotify
cwe.mitre.org
CWE -
CWE-401: Missing Release of Memory after Effective Lifetime (4.20)
CWE-401: Missing Release of Memory after Effective Lifetime (4.20)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
๐จ CVE-2020-21840
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
๐@cveNotify
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
๐@cveNotify
GitHub
Several bugs found by fuzzing ยท Issue #188 ยท LibreDWG/libredwg
Hi, After fuzzing libredwg, I found the following bugs on the latest commit on master. Command: ./dwgbmp $PoC 1.NULL pointer dereference in read_2004_compressed_section ../../src/decode.c:2417 POC:...