Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-28964

Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.

CVE
#vulnerability

Related news

CVE-2020-23900: WildBit Software

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.

CVE-2020-23890: WildBit Software

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.

CVE-2020-23902: WildBit Software

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.

CVE-2020-23679: client 注册用户信息,存在栈溢出漏洞 · Issue #1 · Renleilei1992/Linux_Network_Project

Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.

CVE-2021-41728: GitHub - Dir0x/CVE-2021-41728: Information about CVE-2021-41728, a reflected XSS in the search function.

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles.

CVE-2021-36999: July

There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE-2020-23060

Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.

CVE-2021-36388: Yellowfin-Multiple-Vulnerabilities/README.md at main · cyberaz0r/Yellowfin-Multiple-Vulnerabilities

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".

CVE-2021-36387: Yellowfin-Multiple-Vulnerabilities/README.md at main · cyberaz0r/Yellowfin-Multiple-Vulnerabilities

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.

CVE-2021-22930: HackerOne

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CVE-2020-21493: User Name Enumeration Vulnerability · Issue #3 · rayfalling/xiuno-docker

An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.

CVE-2021-36872: wordpress-popular-posts/changelog.md at master · cabrerahector/wordpress-popular-posts

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].

CVE-2020-19915: wuzhicms v4.1.0 persistent xss vulnerability

Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the [mailbox username in index.php.

CVE-2021-39327: Vulnerability Advisories - Wordfence

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

CVE-2021-33362: fixed #1780 (fuzz) · gpac/gpac@1273cdc

Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32137: [security]heap buffer overflow in MP4Box URL_GetProtocolType · Issue #1766 · gpac/gpac

Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32136: [security]heap buffer overlow in MP4Box print_udta · Issue #1765 · gpac/gpac

Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2017-7415: Confluence 6.0.x Information Disclosure ≈ Packet Storm

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

CVE-2016-1575: CVE-2016-1575 | Ubuntu

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

CVE-2014-3554: oss-security - CVE-2014-3554: libndp buffer overflow

Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907