🚨 CVE-2023-20197
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
🎖@cveNotify
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect…
This vulnerability is due to an incorrect…
🚨 CVE-2023-4556
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.
🎖@cveNotify
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.
🎖@cveNotify
blog.csdn.net
Online Graduate Tracer System sexit.php sql injection_@sec的博客-CSDN博客
文章浏览阅读4.3k次。【代码】Online Graduate Tracer System sexit.php sql injection。
🚨 CVE-2023-4555
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability.
🎖@cveNotify
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability.
🎖@cveNotify
🚨 CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
🎖@cveNotify
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
🎖@cveNotify
GitLab
2.56.3 - stable · GNOME / librsvg · GitLab
This is a security release for bug
🚨 CVE-2022-43904
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.
🎖@cveNotify
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.
🎖@cveNotify
🚨 CVE-2023-3330
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
🎖@cveNotify
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
🎖@cveNotify
🚨 CVE-2023-4561
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
🎖@cveNotify
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
🎖@cveNotify
huntr.dev
Cross-site Scripting (XSS) - Stored in omeka-s
246 developers have been protected by securing omeka-s. Read this report, and explore others to learn how you can also protect the world by earning cash and CVEs.
🚨 CVE-2023-4560
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
🎖@cveNotify
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
🎖@cveNotify
huntr.dev
Improper Authorization of Index Containing Sensitive Information in omeka-s
246 developers have been protected by securing omeka-s. Read this report, and explore others to learn how you can also protect the world by earning cash and CVEs.
🚨 CVE-2023-26272
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.
🎖@cveNotify
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.
🎖@cveNotify
Ibm
Security Bulletin: IBM Guardium Data Encryption (GDE) has multiple security vulnerability (CVE-2023-26272,CVE-2023-26271,CVE-2023…
Multiple security vulnerabilities in Guardium Data Encryption(GDE) (CVE-2023-26272,CVE-2023-26271,CVE-2023-26270). Please apply the latest version for the fixes.
🚨 CVE-2023-26271
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.
🎖@cveNotify
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.
🎖@cveNotify
Ibm
Security Bulletin: IBM Guardium Data Encryption (GDE) has multiple security vulnerability (CVE-2023-26272,CVE-2023-26271,CVE-2023…
Multiple security vulnerabilities in Guardium Data Encryption(GDE) (CVE-2023-26272,CVE-2023-26271,CVE-2023-26270). Please apply the latest version for the fixes.
🚨 CVE-2023-26270
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.
🎖@cveNotify
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.
🎖@cveNotify
Ibm
Security Bulletin: IBM Guardium Data Encryption (GDE) has multiple security vulnerability (CVE-2023-26272,CVE-2023-26271,CVE-2023…
Multiple security vulnerabilities in Guardium Data Encryption(GDE) (CVE-2023-26272,CVE-2023-26271,CVE-2023-26270). Please apply the latest version for the fixes.
🚨 CVE-2023-24959
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.
🎖@cveNotify
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.
🎖@cveNotify
Ibmcloud
IBM InfoSphere Information Systems information disclosure CVE-2023-24959 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2023-23473
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.
🎖@cveNotify
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.
🎖@cveNotify
🚨 CVE-2023-22877
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.
🎖@cveNotify
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.
🎖@cveNotify
Ibmcloud
IBM InfoSphere Information Server CSV injection CVE-2023-22877 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2023-20197
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
🎖@cveNotify
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect…
This vulnerability is due to an incorrect…
🚨 CVE-2023-38027
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.
🎖@cveNotify
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.
🎖@cveNotify
TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報
視博網訊 SpotCam Sense - Command Injection-TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-資安服務-台灣漏洞揭露平台 (TVN)-TVN (Taiwan…
🚨 CVE-2023-38026
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
🎖@cveNotify
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
🎖@cveNotify
TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報
視博網訊 SpotCam FHD 2 - Use of Hard-coded Cryptographic Key - 2-TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-資安服務-台灣漏洞揭露平台…
🚨 CVE-2023-38025
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.
🎖@cveNotify
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.
🎖@cveNotify
TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報
視博網訊 SpotCam FHD 2 - Command Injection-TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-資安服務-台灣漏洞揭露平台 (TVN)-TVN (Taiwan…
🚨 CVE-2023-38024
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
🎖@cveNotify
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
🎖@cveNotify
TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報
視博網訊 SpotCam FHD 2- Use of Hard-coded Cryptographic Key - 1-TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-資安服務-台灣漏洞揭露平台…
🚨 CVE-2016-15035
A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155.
🎖@cveNotify
A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155.
🎖@cveNotify
🚨 CVE-2023-4561
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
🎖@cveNotify
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
🎖@cveNotify
huntr.dev
Cross-site Scripting (XSS) - Stored in omeka-s
246 developers have been protected by securing omeka-s. Read this report, and explore others to learn how you can also protect the world by earning cash and CVEs.