ECHO-6117-9153-F091

Bulletin has no description...

CVE-2025-9153

A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit ...

CVE-2025-9153 itsourcecode Online Tour and Travel Management System travellers.php unrestricted upload

A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit ...

MAL-2025-9153 Malicious code in @patrten/accusamus-aspernatur (npm)

The package @patrten/accusamus-aspernatur was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2017-9153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnmloadrawpbm function in input-pnm.c:391:13. CVE-2017-9153 Note that Nessus relies o...

SUSE CVE-2017-9153

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnmloadrawpbm function in input-pnm.c:391:13...

CVE-2019-9153

CVE-2019-9153 affects OpenPGP.js: improper verification of cryptographic signatures in OpenPGP.js up to version 4.1.2 allows forging signed messages by substituting a standalone or timestamp signature. The issue is documented across multiple sources (NVD entry for CVE-2019-9153 and related adviso...

CVE-2019-9153

Improper Verification of a Cryptographic Signature in OpenPGP.js =4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature...

CVE-2015-9153

CVE-2015-9153 describes a buffer over-read in a DRM function on Android devices with Qualcomm Snapdragon SoCs (mobile/automotive/wearable) prior to the 2018-04-05 patch level. The issue affects a wide range of Qualcomm chipsets (e.g., SD 210–850 families) and can lead to high-severity impact (per...

CVE-2018-9153

The CVE concerns Z-BlogPHP 1.5.1. The plugin upload component enables remote PHP code execution via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php due to an unanchored regular expression. Access must be direct by an administrator or via CSRF. This is a distinct issue from CVE-2...

CVE-2017-9153

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnmloadrawpbm function in input-pnm.c:391:13...

UBUNTU-CVE-2017-9153

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnmloadrawpbm function in input-pnm.c:391:13...

CVE-2017-9153

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnmloadrawpbm function in input-pnm.c:391:13...

CVE-2017-9153

CVE-2017-9153 affects AutoTrace 0.31.1 (libautotrace.a) with a heap-based buffer overflow in pnm_load_rawpbm (input-pnm.c:391:13). This can be triggered by a crafted bitmap image, potentially enabling remote code execution or DoS. Remediation in public advisories recommends upgrading to a newer A...

CVE-2014-9153

Cross-site scripting XSS vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response...

CVE-2014-9153

Cross-site scripting XSS vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response...

CVE-2014-9153

CVE-2014-9153 is a XSS vulnerability in the Drupal Services module for Drupal 7.x-3.x, present before 7.x-3.10. The issue arises from an unfiltered JSONP callback parameter, allowing remote authenticated users to inject arbitrary JavaScript in a JSONP response. Affected version range is Services ...