216 matches found
CVE-2023-30554 SQL injection in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-103
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sqlapi/apiworkflow.py endpoint ExecuteCheck which passes unfiltered...
AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)
Title: AimOne Video Converter V2.04 Build 103 - Buffer Overflow DoS Author: nu11secur1ty Date: 01.05.2023 Vendor: https://aimone-video-converter.software.informer.com/, http://www.aimonesoft.com/ Software: https://aimone-video-converter.software.informer.com/download/?ca85d0 Reference: Descriptio...
103-astana.kz Cross Site Scripting vulnerability OBB-3205587
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2022-2505
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR...
SUSE CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...
SUSE CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
SUSE CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox 103...
SUSE CVE-2022-36317
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 103...
SUSE CVE-2022-36320
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 103...
CVE-2023-24525
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...
Cross site scripting
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...
PT-2023-19673 · Sap · Sap Crm Webclient Ui
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions WEBCUIF 748, 800, 801, S4FND 102, 103 Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability. On successful exploitation, an...
SAP CRM 跨站脚本漏洞
SAP CRM is a customer relationship management system from SAP, Germany. A cross-site scripting vulnerability exists in SAP CRM WebClient UI WEBCUIF version 748, version 800, version 801, S4FND version 102, version 103, which stems from not adequately coding user input...
CVE-2022-36320
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 103...
CVE-2022-36320
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 103...
CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox 103...
CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
UBUNTU-CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...
CVE-2022-36317
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 103...
CVE-2022-38477
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...