Bento4 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.

An issue was discovered in fastadmin. There is a CSRF vulnerability in public/index.php/admin/auth/admin/add.

Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.

** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue.

The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.

The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.