Search Results | AttackerKB

144 Total Results

Displaying 61-70 of 144

Attacker Value

Unknown

CVE-2019-18799

Disclosure Date: November 06, 2019 (last updated November 27, 2024)

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.

Attacker Value

Unknown

CVE-2014-10394

Disclosure Date: August 22, 2019 (last updated November 27, 2024)

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.

Attacker Value

Unknown

CVE-2007-6763

Disclosure Date: July 31, 2019 (last updated November 27, 2024)

SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.

Attacker Value

Unknown

CVE-2019-5434

Disclosure Date: May 06, 2019 (last updated November 27, 2024)

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.

Attacker Value

Unknown

CVE-2018-20821

Disclosure Date: April 23, 2019 (last updated November 27, 2024)

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2018-20822

Disclosure Date: April 23, 2019 (last updated November 27, 2024)

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2018-20732

Disclosure Date: January 17, 2019 (last updated November 27, 2024)

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Attacker Value

Unknown

CVE-2015-9281

Disclosure Date: January 17, 2019 (last updated November 27, 2024)

Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.

Attacker Value

Unknown

CVE-2018-20733

Disclosure Date: January 17, 2019 (last updated November 27, 2024)

BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.

Attacker Value

Unknown

CVE-2019-6283

Disclosure Date: January 14, 2019 (last updated November 27, 2024)

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Attack Vector: Network Privileges: None User Interaction: Required

144 Total Results

Displaying 61-70 of 144

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification