CVE-2016-7145
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Source: CVE-2016-7145
[월:] 2017년 03월
CVE-2016-9148
CVE-2016-9148
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.
Source: CVE-2016-9148
CVE-2016-5315
CVE-2016-5315
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Source: CVE-2016-5315
CVE-2016-10040
CVE-2016-10040
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.
Source: CVE-2016-10040
CVE-2017-6508
CVE-2017-6508
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
Source: CVE-2017-6508
CVE-2016-10244 (freetype)
CVE-2016-10244 (freetype)
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
Source: CVE-2016-10244 (freetype)
CVE-2017-5197 (silverstripe)
CVE-2017-5197 (silverstripe)
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
Source: CVE-2017-5197 (silverstripe)
CVE-2017-6411
CVE-2017-6411
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
Source: CVE-2017-6411
CVE-2017-5197
CVE-2017-5197
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
Source: CVE-2017-5197
CVE-2016-10244
CVE-2016-10244
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
Source: CVE-2016-10244