An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character (‘.’, 0x2E) out of bounds in a heap-allocated buffer. The vulnerability…
Postbird 0.8.4 – JavaScript Injection
Gadget Works Online Ordering System version 1.0 suffers from a persistent cross-site scripting vulnerability.
WordPress Cookie Law Bar plugin version 1.2.1 suffers from a persistent cross-site scripting vulnerability.
The QImageReader class can read out-of-bounds when converting a specially-crafted TIFF file into a QImage, where the TIFF tile length is inconsistent with the tile size. This could potentially allow…
Pluck CMS 4.7.13 – File Upload Remote Code Execution (Authenticated)
Codiad 2.8.4 – Remote Code Execution (Authenticated) (3)
ProFTPd 1.3.5 – ‘mod_copy’ Remote Command Execution (2)
RarmaRadio 2.72.8 – Denial of Service (PoC)