318 matches found
Cross site scripting
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 ...
notrinoserp 安全漏洞
notrinoserp is a web-based ERP by Phương Individual Developer, an accounting system written in PHP and MySql. A security vulnerability exists in versions of notrinoserp prior to 0.7, which stems from its failure to properly restrict rendered UI layers or frames...
notrinoserp 安全漏洞
notrinoserp is a web-based ERP by Phương Individual Developer, an accounting system written in PHP and MySql. A security vulnerability exists in versions prior to notrinosrp v0.7 that stems from exposing private personal information to unauthorized participants, which can result in elevated...
CVE-2022-2871
Cross-site Scripting XSS - Stored in GitHub repository notrinos/notrinoserp prior to 0.7...
CVE-2022-2871 Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp
Cross-site Scripting XSS - Stored in GitHub repository notrinos/notrinoserp prior to 0.7...
PT-2022-19185 · Unknown · Notrinoserp
Name of the Vulnerable Software and Affected Versions: NotrinosERP versions prior to 0.7 Description: The issue is related to stored Cross-site Scripting XSS in the NotrinosERP GitHub repository. A fix is available on the master branch of the repository. Recommendations: For versions prior to 0.7...
GHSA-85Q9-7467-R53Q XSS Vulnerability in Markdown Editor
Impact InvenTree uses EasyMDE for displaying markdown text in various places e.g. for the various "notes" fields associated with various models. By default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the use...
WordPress plugin Quotes llama 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Quotes llama plugin 0.7 and earlier versions have a cross-site scripting vulnerability that...
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...
Heap overflow
UNSUPPORTED WHEN ASSIGNED A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825,...
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...
CVE-2022-25139
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njsawaitfulfilled...
in netristv/ws-scrcpy
Description read file From server Proof of Concept GET /../../../../../../../../../../../../etc/passwd HTTP/1.1 Host: xxxx Impact test on ws-scrcpy-0.7,this is The latest version...
CVE-2021-21811
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
Heap overflow
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21811
CVE-2021-21811 is described across multiple connected documents as a memory corruption vulnerability in AT&T Labs’ Xmill 0.7, specifically in the XML-parsing CreateLabelOrAttrib functionality. The issue is a heap-based buffer overflow that can be triggered by a specially crafted XML file, potenti...
GHSA-FG47-3C2X-M2WR TimelockController vulnerability in OpenZeppelin Contracts
Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...
CVE-2021-21828
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...