25 matches found
CVE-2019-11354
The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...
CVE-2025-11354
A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published an...
CVE-2025-11354 code-projects Online Hotel Reservation System addslideexec.php unrestricted upload
A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published an...
CVE-2024-11354
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...
CVE-2024-11354
creationtimestamp | type | source
---|---|---
2024-11-21 03:07:50+00:00 | seen | https://infosec.exchange/users/cve/statuses/113518737458774262...
CVE-2024-11354
CVE-2024-11354 concerns the WordPress plugin “Ultimate YouTube Video & Shorts Player With Vimeo”. The vulnerability affects all versions up to and including 3.3 and stems from a missing capability check in the del_ytsingvid() function, enabling authenticated attackers with Subscriber-level access...
WordPress Ultimate YouTube Video & Shorts Player With Vimeo Plugin <= 3.3 is vulnerable to Broken Access Control
Software: Ultimate YouTube Video & Shorts Player With Vimeo; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-11354; Patch priority: Low; CVSS severity: Low (4.3); PSID: 1fa557c19676; Credits...
CVE-2020-11354
CVE-2020-11354 entry is rejected/not used, per the Initial Description.
SUSE: Security Advisory (SUSE-SU-2018:2412-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
SUSE: Security Advisory (SUSE-SU-2018:2891-1)
The remote host is missing an update for the...
Electronic Arts Origin Client Remote Code Injection (CVE-2019-11354)
A template injection vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper validation of data in the title parameter. Successful exploitation could result in command execution on the target machine in the context of the application...
EA Origin Template Injection Remote Code Execution
Exploit Title: EA Origin 10.5.36 Template Injection Remote Code Execution; Date: 04/19/2019; Exploit Author: Dominik Penner @zer0pwn; Vendor Homepage: https://www.origin.com; Software Link: https://www.origin.com/can/en-us/store/download; Version: 10.5.36 and below; Tested on: Windows 10; CVE :...
CVE-2019-11354
The CVE-2019-11354 entry concerns the EA Origin Windows client (Origin 10.5.36 and potentially earlier) and a template-injection flaw in the Origin2 URI handler title parameter that can escape the AngularJS sandbox, enabling remote code execution via an origin2://game/launch URL used by QtApplica...
Wireshark 2.6.x < 2.6.1 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 2.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.1 advisory. - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in...
[ASA-201805-24] wireshark-common: multiple issues
Arch Linux Security Advisory ASA-201805-24. Severity: Critical; Date: 2018-05-25; CVE-ID: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362; Package: wireshark-common; Typ...
[ASA-201805-23] wireshark-qt: multiple issues
Arch Linux Security Advisory ASA-201805-23. Severity: Critical; Date: 2018-05-25; CVE-ID: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362; Package: wireshark-qt; Type :...
[ASA-201805-22] wireshark-gtk: multiple issues
Arch Linux Security Advisory ASA-201805-22. Severity: Critical; Date: 2018-05-25; CVE-ID: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362; Package: wireshark-gtk; Type :...
[ASA-201805-25] wireshark-cli: multiple issues
Arch Linux Security Advisory ASA-201805-25. Severity: Critical; Date: 2018-05-25; CVE-ID: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362; Package: wireshark-cli; Type :...
Security fix for the ALT Linux 9 package wireshark version 2.6.1-alt1
May 24, 2018 Anton Farygin 2.6.1-alt1 - 2.6.1 fixes: CVE-2018-11359, CVE-2018-11361, CVE-2018-11358, CVE-2018-11360, CVE-2018-11356, CVE-2018-11357, CVE-2018-11355, CVE-2018-11354, CVE-2018-11362...
CVE-2018-11354
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling...