Matches: 403

The host is installed with LibreOffice 6.2.x before 6.2.7 or 6.3.x before 6.3.1 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly handle an unknown functionality of the file share/Scripts/python of the component URL Encoding. Successful exploitation could allow attackers to execute scripts in arbitrary locations on the file system by ...

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control ...

LibreOffice has a "stealth mode" in which only documents from locations deemed "trusted" are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to versi ...

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the d ...

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other aut ...

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1. Android ID: A-62458770

The host is installed with Python 2.5.2 and earlier and is prone to an integer overflow vulnerability. The flaw is present in the application, which fails to properly handle vectors related to "partial hashlib hashing of data exceeding 4GB." Successful exploitation allows context-dependent attackers to defeat cryptographic digests.



© SecPod Technologies