A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to…
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDaServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/agent/da/pcf” API. The affected endpoint does not have any validation of the user’s input that allows a malicious payload to be injected. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the “.debug_command.config” file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the “/api/appInternals/1.0/agent/configuration” API to map the corresponding ID to a command to be executed. Zafiyet ile ilgili Genel Bilgi,…
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) PluginServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/plugin/pmx” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability…
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the “/api/appInternals/1.0/agent/diagnostic/logs” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability…
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database