20 matches found
EUVD-2005-4077
Malware in sbrugna...
EUVD-2024-0063
Malicious code in bioql PyPI...
EUVD-2025-13748
Malicious code in bioql PyPI...
CVE-2024-4941
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...
PT-2024-33521 · Gradio App · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio version 4.25 Description: A local file inclusion issue exists due to improper input validation in the postprocess function within gradio/components/json component.py. This allows a user-controlled string to be parsed as JSON...
WordPress Maps Widget for Google Maps Plugin <= 4.24 is vulnerable to Cross Site Scripting (XSS)
Software: Maps Widget for Google Maps; Type: Plugin; Vulnerable versions: <= 4.24; Fixed in: 4.25; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1913; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 086ac6e4c3d5; Credits: Marco Wotschka...
CVE-2021-28496
On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the devic...
CVE-2021-38315
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...
CVE-2020-29193
Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa which is just the asdf keyboard row in reverse order...
QSSL QNX 4.25 A crypt() Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt(3) function exists in QNX, from QNX System Software, Limited (QSSL). The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt(3) is based on ...
QNX RTOS 4.25/6.1 phgrafx Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4915/info The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other programs. This...
Movable Type cross-site scripting vulnerability
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. This vulnerability has been fixed and an updated version...
JVN#97248625 Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
QNX 4.25 suided dhcp.client binary
Hello all, I recently got a QNX 4.25 vmware image and I found that the dhcp.client shipped with it is suided. This obviously enables a normal user to control the NIC's configuration and produce some other attacks eg: if the system has some services which depend on 'host/ip based' authentication...
CVE-2002-2120
CVE-2002-2120 affects QNX RTOS 4.25. The vulnerability consists of multiple buffer overflows in the OS kernel/user interfaces that can be triggered by long filename arguments to (1) Watcom or (2) int10, potentially allowing arbitrary code execution. Public references likewise describe buffer over...
CVE-2002-2039
In QNX RTOS versions 4.25 and 6.1.0, /bin/su allows local users to read sensitive information from core dump files by sending SIGSERV (invalid memory reference); impact is partial confidentiality. The description notes the local privilege/impact but does not provide exploitable details, affected ...
CVE-2002-1633
Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20)...
CVE-2002-1633
CVE-2002-1633 : In QNX 4.25, multiple buffer overflows in various utilities (e.g., sample, ex, du, find, lex, mkdir, rm, serserv, tcpserv, termdef, time, unzip, use, wcc, wlink, wpp, write, etc.) may allow a local user to execute arbitrary code via long command line arguments. The description spe...
CVE-2002-1633
Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20)...
CVE-2002-0793
CVE-2002-0793 affects QNX RTOS 4.25 (QNX4). Hard link and possibly symbolic link following allow local users to overwrite arbitrary files via specific arguments: monitor -f, dumper -d, crttrap -c, or the Watcom sample utility. Vulnerability is local with LOW attack complexity and partial confiden...