5836 matches found
The vulnerability of the `gdImageCreateFromXbm` function in the GD graphics library for the PHP programming language allows a malicious actor to gain unauthorized access to sensitive information, due to a lack of mechanisms to verify the correctness of input data.
The vulnerability of the gdImageCreateFromXbm function in the GD graphics library for the PHP programming language is related to the lack of mechanisms for checking input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to sensitive information...
The vulnerability of Firefox’s browser security policy, related to the lack of input data validation mechanisms, allows attackers to compromise data integrity.
The vulnerability of Firefox’s browser security policy is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to compromise data integrity by using the HTTP protocol...
Zulip server cross-site scripting vulnerability (CNVD-2020-33258)
Zulip server is an open source team chat application from the American company Zulip. A cross-site scripting vulnerability exists in Zulip Server versions prior to 2.1.3. The vulnerability stems from the web application's lack of proper validation of client-side data. An attacker can exploit this...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-42022)
NETGEAR M4300-28G and others are managed switches from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products. The vulnerability stems from the lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute...
PrestaShop cross-site scripting vulnerability (CNVD-2020-25935)
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop versions prior to 1.7.6.5...
Dolibarr ERP/CRM Admin Tools Cross-Site Scripting Vulnerability
Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. Admin Tools is one of the management tools. A cross-site scripting...
NETGEAR R8500 Buffer Overflow Vulnerability
The NETGEAR R8500 is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R8500 prior to version 1.0.2.128. The vulnerability stems from a networked system or product performing an operation in memory without properly validating data boundaries, resulting in...
Rukovoditel Cross-Site Scripting Vulnerability
Rukovoditel is web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A cross-site scripting vulnerability exists in the configuration page in Rukovoditel version 2.5.2. The...
Foxit Reader and PhantomPDF Type Obfuscation Remote Code Execution Vulnerability (CNVD-2020-24448)
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in the handling of the OCRAndExportToExcel command in Foxit Reader and Foxit PhantomPDF 9.7.1.29511 and earlier versions for Windows-based platforms, which stems from the...
Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2020-30757)
The NETGEAR R6250, among others, is a wireless router from NETGEAR. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect...
Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2021-57173)
The NETGEAR R6700, among others, is a wireless router from NETGEAR. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability originates when a network system or product performs an operation on memory without properly validating data boundaries, resulting in an...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-27301)
The NETGEAR R8900, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in several NETGEAR products, which stems from the lack of proper validation of client data by a web application and can be exploited by an attacker to execute client code...
Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2020-30690)
NETGEAR R6250 and others are products of NETGEAR, Inc. NETGEAR R6250 is a wireless router. NETGEAR R6400 is a wireless router. NETGEAR D6220 is a wireless modem...
chromium-browser: Insufficient data validation in developer tools
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page...
ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c
A flaw was found in several functions of the IPMItool, where it failed to check data received from a LAN properly. An attacker could use this flaw to craft payloads, which can lead to a buffer overflow and also cause memory corruption, a denial of service, and remote code execution...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-27218)
The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-24415)
The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-27215)
The NETGEAR RBK50, among others, is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products, which stems from a lack of proper validation of client data by a web application and can be exploited by an attacker to execute client-side code...
Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U...
Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U...