On Thu, Dec 20, 2018 at 09:03:08AM +0800, zzt0907 wrote:
> # LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)
> https://github.com/shelltdf/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0
I'm curious why you post about a minor memory leak over a year after the fix,
[Vendor]
us.dlink.com
[Product]
DIR-140L (version 1.02)
DIR-640L (version 1.01RU)
Other versions might also be affected.
[Vulnerability Type]
admin credentials disclosure
[Affected Component]
Web Interface
[CVE Reference]
CVE-2018-18009
[Security Issue]
An authenticated user can visit
[Vendor]
us.dlink.com
[Product]
D-Link DSL-2770L (version ME_1.01, ME_1.02, AU_1.06)
D-Link DIR-140L, DIR-640L (version 1.00, 1.01RU, 1.02)
D-Link DWR-116, DWR-512, DWR-555, DWR-921 (version V1.03, V1.05, V2.01, V2.02)
[Vulnerability Type]
admin credentials disclosure
[Affected Component]
Web
[Vendor]
us.dlink.com
[Product]
D-Link DSL-2770L (version ME_1.01, ME_1.02, AU_1.06)
[Vulnerability Type]
admin credentials disclosure
[Affected Component]
Web Interface
[CVE Reference]
CVE-2018-18007
[Security Issue]
An authenticated user can visit the page atbox.htm, for example,
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
In 2006...
Hello participants of Mailing List.
Since the announcement of DAVOSET in 2010 and all releases, I've made the next
update of the software. Recently DAVOSET v.1.3.7 was released - DDoS attacks
via other sites execution tool (http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET:
Hello list!
There are Directory Traversal and Cross-Site Request Forgery vulnerabilities
in Transcend Wi-Fi SD Card.
-
Affected products:
-
Vulnerable is the next model: Transcend Wi-Fi SD Card 16 GB, Firmware v.1.8.
This model with other
I. VULNERABILITY
-
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the
Notes column of the Alarms section
II. CVE REFERENCE
-
CVE-2018-20339
III. VENDOR
-
https://www.manageengine.com
IV. TIMELINE
I. VULNERABILITY
-
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL
injection in the Alarms section
II. CVE REFERENCE
-
CVE-2018-20338
III. VENDOR
-
https://www.manageengine.com
IV. TIMELINE
I. VULNERABILITY
-
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection
via the getGraphData API.
II. CVE REFERENCE
-
CVE-2018-20173
III. VENDOR
-
https://www.manageengine.com
IV. TIMELINE
Greetings,
We are super excited to announce version 4.0 of Capstone disassembler
framework!
Exactly 5 years ago, on December 18th of 2013, we published the first
version. Today, this release 4.0 marks 5 years of our project! Such a long
journey, which is impossible without huge community
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
GIGABYTE Drivers Elevation of Privilege Vulnerabilities
**1. Advisory Information**
Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities
Advisory ID: CORE-2018-0007
Advisory URL:
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
ASUS Drivers Elevation of Privilege Vulnerabilities
**1. Advisory Information**
Title: ASUS Drivers Elevation of Privilege Vulnerabilities
Advisory ID: CORE-2017-0012
Advisory URL:
# Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
## Product Download: https://sourceforge.net/projects/pcre/files/pcre/
## Vulnerability Type: Buffer Overflow
## Attack Type : local
## Vulnerability Description
a pcretest load test PoC produces a crash overflow in the function
#CVE-2017-16232
# LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)
## Product Download: http://www.libtiff.org/ http://download.osgeo.org/libtiff/
## Vulnerability Type: memory leak
## Attack Type : local
## Vulnerability Description
LibTIFF 4.0.8 has multiple memory leak
16 matches