2 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is recommended to apply a patch to fix this issue. • https://github.com/RedSnapper/NView/commit/cbd255f55d476b29e5680f66f48c73ddb3d416a8 https://vuldb.com/?ctiid.217516 https://vuldb.com/?id.217516 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. • http://bugs.gentoo.org/show_bug.cgi?id=117063 http://secunia.com/advisories/18235 http://secunia.com/advisories/18240 http://www.gentoo.org/security/en/glsa/glsa-200512-18.xml http://www.osvdb.org/22093 http://www.osvdb.org/22094 http://www.securityfocus.com/bid/16087 https://exchange.xforce.ibmcloud.com/vulnerabilities/23910 •