36 matches found
CVE-2025-9591 ZrLog Theme Configuration Form config cross site scripting
A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotel...
Linux Distros Unpatched Vulnerability : CVE-2016-9591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using...
CVE-2024-9591
creationtimestamp| type| source ---|---|--- 2024-10-22 12:06:32+00:00| seen| https://t.me/cvedetector/8597...
CVE-2024-9591 Category and Taxonomy Image <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting
The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'categoryimage' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9591)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9591 advisory. - floppy: use a statically allocated error counter Willy Tarreau Orabug: 34218638 CVE-2022-1652 - x86: Disable RET on kexec Konrad Rzeszutek Wilk Orabu...
Mageia: Security Advisory (MGASA-2017-0474)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:0084-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-9591
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel...
CVE-2020-9591
CVE-2020-9591 concerns Magento’s defense-in-depth security mitigation vulnerability that could allow unauthorized access to the admin panel. Affected versions include Magento 2.3.4 and earlier, 2.2.11 and earlier, 1.14.4.4 and earlier, and 1.9.4.4 and earlier. The connected documents consistently...
CVE-2020-8853
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-8853
Foxit PhantomPDF 9.7.0.29478 is vulnerable to a HTML2PDF conversion out-of-bounds write that can allow remote code execution. The flaw arises from insufficient validation of user-supplied data during HTML-to-PDF conversion, enabling a write past the end of an allocated structure. Exploitation req...
Foxit Reader < 9.7.1 Multiple Vulnerabilities
According to its version, the Foxit Reader application formally known as Phantom installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview...
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Date: 14/06/2017 Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link:...
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Date: 14/06/2017 Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview Version: Tested on 18.62.2000.0,...
CVE-2019-9591
A reflected Cross-site scripting XSS vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter...
CVE-2019-9591
ShoreTel Connect ONSITE prior to 19.49.1500.0 is affected by a reflected XSS via the brandUrl parameter. Impact is arbitrary script injection in the user’s browser. Root cause: unvalidated input reflected into the page. Affected component: signin.php (brandUrl parameter). Remediation: upgrade to ...
CVE-2019-9591
A reflected Cross-site scripting XSS vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter...
CVE-2018-9591
The CVE-2018-9591 issue affects Android components: the function bta_hh_ctrl_dat_act in bta_hh_act.cc, across Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9.0. It is caused by a missing bounds check that allows an out-of-bounds read, enabling remote information disclosure without extra privileges, wi...
CVE-2016-9591
JasPer before 2.0.12 is vulnerable to a use-after-free during decoding of certain JPEG 2000 files, which can crash the host process. CVE-2016-9591 is the primary issue; related CVEs in the same family (e.g., CVE-2016-10249, CVE-2016-10251, CVE-2016-8654, CVE-2016-9560, CVE-2016-1867, CVE-2016-208...