18 matches found
CVE-2025-13241
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-13241 code-projects Student Information System index.php sql injection
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...
CVE-2024-13241
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5...
CVE-2024-13241 Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5...
CVE-2024-13241
CVE-2024-13241 affects the Drupal Open Social distribution. Open Social versions 0.0.0 through 12.0.4 contain an improper authorization flaw that enables collecting data from common resource locations, resulting in information disclosure. The vulnerability is tied to the authorization controls in...
CVE-2024-13241 Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5...
Mageia: Security Advisory (MGASA-2019-0396)
The remote host is missing an update for the...
CVE-2021-31444
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2021-31444
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2020-13241
CVE-2020-13241 affects Microweber 1.1.18. The issue is an uncontrolled/unrestricted file upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the added file’s extension corresponds to an image file. This can enable upload of non-image files via the Add Image option...
Updated flightcrew packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software not...
MGASA-2019-0396 Updated flightcrew packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software not...
USN-4055-1: flightcrew vulnerabilities
Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. CVE-2019-13032 Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use thi...
CVE-2019-13241
FlightCrew v0.9.2 and older are affected by CVE-2019-13241 (directory traversal: can write arbitrary files via a ../ in a ZIP entry during extraction). Mageia advisories and Ubuntu USN entries also reference CVE-2019-13241 and confirm that updates fix these flaws; CVE-2019-13032 is a NULL pointer...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2019-13241)
IBM Jazz Reporting Service JRS is a suite of applications for discovering cross-project reports from IBM in the United States. A cross-site scripting vulnerability exists in IBM JRS Report Builder that stems from the WEB application failing to validate client-side data, which can be exploited by ...
CVE-2017-13241
CVE-2017-13241 is an information-disclosure vulnerability in the Android media framework component libstagefright_soft_avcenc. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The connected sources confirm the issue is an information disclosure vulnerability ...