Vuldb Updates

A vulnerability was found in SleekXMPP and Slixmpp. It has been rated as critical. This issue affects some unknown processing of the component Message Carbon Handler. The manipulation leads to origin validation error. The identification of this vulnerability is CVE-2017-5591. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Flat Chat 2.0. It has been classified as very critical. This affects an unknown part of the file startsession.php. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2007-1394. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Advantech SUISAccess Server up to 3.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ZIP File Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2016-9351. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Profanity up to 0.5.0. Affected is an unknown function of the component Message Carbon Handler. The manipulation leads to origin validation error. This vulnerability is traded as CVE-2017-5592. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHP up to 4.4.4 and classified as critical. Affected by this issue is the function (shmop). The manipulation leads to sql injection. This vulnerability is handled as CVE-2007-1376. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in SunGard eTRAKiT3 3.2.1.17. Affected by this issue is some unknown functionality of the component Backend Server. The manipulation of the argument valueAsString as part of POST Parameter leads to sql injection. This vulnerability is handled as CVE-2016-6566. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in fluik Office Jerk Free 1.7.13. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-5620. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical was found in Psi+ up to 0.16.571.627. Affected by this vulnerability is an unknown functionality of the component Message Carbon Handler. The manipulation leads to origin validation error. This vulnerability is known as CVE-2017-5593. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in ZoneMinder up to 1.30.0 and classified as problematic. Affected by this vulnerability is the function readfile of the file web/views/file.php. The manipulation of the argument view leads to information disclosure (File). This vulnerability is known as CVE-2017-5595. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Erick Woods Terminal Server Client 0.150. Affected by this issue is the function tsc_launch_remote of the file src/support.c of the component Terminal Server. The manipulation of the argument domain leads to memory corruption. This vulnerability is handled as CVE-2011-0901. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to add further authentication.

A vulnerability, which was classified as critical, has been found in Oracle Siebel Core up to 21.5. This issue affects some unknown processing of the component Zookeeper. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2017-5637. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in VMware vCenter Server 6.0/6.5. It has been classified as critical. Affected is an unknown function of the component BlazeDS. The manipulation as part of AMF3 Message leads to deserialization. This vulnerability is traded as CVE-2017-5641. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in ZTE ZXHN H108N R1A. Affected by this issue is some unknown functionality of the file cgi-bin/webproc. The manipulation of the argument errorpage leads to cross site scripting. This vulnerability is handled as CVE-2015-7252. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. This vulnerability was named CVE-2024-8152. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The identification of this vulnerability is CVE-2024-8153. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. This vulnerability is traded as CVE-2024-8154. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Data Format Extension on Jackson. It has been classified as very critical. This affects an unknown part of the component XmlMapper. The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2016-3720. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Apache ActiveMQ. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2015-5254. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PHP 5.2.1 and classified as critical. Affected by this vulnerability is the function substr_compare. The manipulation of the argument length leads to integer coercion error. This vulnerability is known as CVE-2007-1375. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Blueriver Sava CMS up to 5.2. Affected is an unknown function of the file fileManager.cfc. The manipulation of the argument FILEID leads to path traversal. This vulnerability is traded as CVE-2010-3468. It is possible to launch the attack remotely. Furthermore, there is an exploit available.