[Forgot Password]
Login  Register Subscribe

24547

 
 

132805

 
 

131423

 
 

909

 
 

108504

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 131296 Download | Alert*

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.

An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.

Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.

** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue.

The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.

The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   13129

© SecPod Technologies