An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices.
Libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this might overlap CVE-2012-6043.
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php.
Artica Proxy before 00 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-25069.
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module.
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header.
Mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way.
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.