The GeoGebra CAS Calculator version 6.0.631.0 is vulnerable to a Denial of Service (DoS) attack. By providing a specially crafted payload.txt file as input, an attacker can cause the program to crash, resulting in a denial of service condition.
The GeoGebra Classic version 5.0.631.0-d is vulnerable to a denial of service (DoS) attack. By running a specially crafted Python script, an attacker can create a payload.txt file with a large amount of data, causing the GeoGebra program to crash when the content of the file is pasted in the 'Entrada' field.
The GeoGebra Graphing Calculator version 6.0.631.0 is vulnerable to a denial of service attack. By providing a specially crafted input in the 'Entrada...' field, an attacker can cause the application to crash, resulting in a denial of service condition.
An issue was discovered in CouchCMS v2.2.1 that allows XSS via a /couch/includes/kcfinder/browse.php SVG upload.
The non-privileged default user can elevate their privileges by sending an HTTP GET request to the configuration backup endpoint and disclosing the HTTP super password (admin credentials) as a Base64-encoded value. Once authenticated as admin, an attacker is granted access to the additional, privileged pages.
This vulnerability could permit executing code during startup or reboot with the escalated privileges.
A buffer overflow exists in GoldenFTP during the authentication process. Note that the source IP address of the user performing the authentication forms part of the buffer and as such must be accounted for when calculating the appropriate offset. It should also be noted that the exploit is rather unstable: if exploitation fails, GoldenFTP will be left in a state where it still accepts connections but is unable to handle or process them in any way, so be careful.
An unauthenticated user can remotely instantiate an object of any class existing in the GLPI environment, which can be used to carry out malicious attacks or to start a “POP chain”. As an example of direct impact, this vulnerability affects the integrity of the GLPI core platform and of third-party plugins at runtime by misusing classes that implement sensitive operations in their constructors or destructors.
The Joomla JCK Editor version 6.4.4 is vulnerable to SQL Injection. The vulnerability allows an attacker to inject malicious SQL statements into the 'parent' parameter in the 'links.php' file. By exploiting this vulnerability, an attacker can retrieve sensitive information from the database or modify the database contents.