
1712 matches found

Cvelist
added 2022/12/09 12:0 a.m. · 12 views

CVE-2022-25629

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page Annotation Text Column...

5.7 AI score · 0.00684 EPSS
Exploits: 0 · References: 1

Fedora
added 2022/12/03 2:3 a.m. · 22 views

[SECURITY] Fedora 37 Update: sonic-visualiser-4.5-3.fc37

Sonic Visualiser is an application for viewing and analyzing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when you want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...

5.4 CVSS · 5.4 AI score · 0.00206 EPSS
Exploits: 0

Fedora
added 2022/12/03 1:44 a.m. · 17 views

[SECURITY] Fedora 36 Update: sonic-visualiser-4.5-2.fc36

Sonic Visualiser is an application for viewing and analyzing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when you want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...

5.4 CVSS · 5.4 AI score · 0.00206 EPSS
Exploits: 0

Positive Technologies
added 2022/11/23 12:0 a.m. · 2 views

PT-2022-6455 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...

7.8 CVSS · 8 AI score · 0.03476 EPSS
Exploits: 0 · References: 7

OSV
added 2022/11/21 4:15 p.m. · 2 views

CVE-2022-38097

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An...

7.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Prion
added 2022/11/21 4:15 p.m. · 12 views

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An...

4.4 CVSS · 7.8 AI score · 0.00747 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2022/11/14 7:39 p.m. · 8 views

GSD-2022-1007461 kcm: annotate data-races around kcm->rx_psock

kcm: annotate data-races around kcm->rx_psock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.264 by commit...

7.2 AI score
Exploits: 0

OSV
added 2022/11/14 7:28 p.m. · 9 views

GSD-2022-1007345 kcm: annotate data-races around kcm->rx_psock

kcm: annotate data-races around kcm->rx_psock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.223 by commit...

7.2 AI score
Exploits: 0

OSV
added 2022/11/14 7:12 p.m. · 11 views

GSD-2022-1007170 kcm: annotate data-races around kcm->rx_psock

kcm: annotate data-races around kcm->rx_psock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.153 by commit...

7.2 AI score
Exploits: 0

Positive Technologies
added 2022/11/14 12:0 a.m. · 1 views

PT-2022-24199 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 12.0.1.12430 Description: A use-after-free issue exists in the JavaScript engine of Foxit Software's PDF Reader. This occurs when annotation objects are prematurely destroyed, allowing a specially-crafted P...

8.8 CVSS · 8.3 AI score · 0.00747 EPSS
Exploits: 0 · References: 4

Exploit DB
added 2022/11/11 12:0 a.m. · 93 views

CVAT 2.0 - Server Side Request Forgery

Exploit Title: CVAT 2.0 - SSRF (Server Side Request Forgery) Exploit Author: Emir Polat Vendor Homepage: https://github.com/opencv/cvat Version: 2.0.0 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS GNU/Linux 5.4.0-122-generic x86_64 CVE: CVE-2022-31188 Description: CVAT is an opensource interactive...

9.8 CVSS · 9.7 AI score · 0.35725 EPSS
Exploits: 4

NVD
added 2022/10/28 5:15 p.m. · 8 views

CVE-2022-2864

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...

8.8 CVSS · 0.00182 EPSS
Exploits: 0 · References: 3

ATTACKERKB
added 2022/10/28 5:15 p.m. · 1 views

CVE-2022-2864

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...

8.8 CVSS · 5.8 AI score · 0.00182 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2022/10/28 4:52 p.m. · 10 views

CVE-2022-2864

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...

8.8 CVSS · 8.5 AI score · 0.00182 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2022/10/28 12:0 a.m. · 2 views

PT-2022-19129 · WordPress · Demon Image Annotation Plugin

Name of the Vulnerable Software and Affected Versions: demon image annotation plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation in the /includes/settings.php file. This allows unauthenticated...

8.8 CVSS · 8.5 AI score · 0.00182 EPSS
Exploits: 0 · References: 5

CNNVD
added 2022/10/28 12:0 a.m. · 1 views

WordPress plugin demon image annotation cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...

8.8 CVSS · 6.7 AI score · 0.00182 EPSS
Exploits: 0 · References: 4

Patchstack
added 2022/09/22 12:0 a.m. · 15 views

WordPress Demon Image Annotation plugin <= 4.7 - Arbitrary Settings Update to Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Yamato Kamioka in WordPress Demon Image Annotation plugin (versions <= 4.7). Solution: Update the WordPress Demon image annotation plugin to the latest available versio...

8.8 CVSS · 4 AI score · 0.00182 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2022/09/21 12:0 a.m. · 11 views

Demon Image Annotation < 4.8 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping in some of them, it could also lead to Stored Cross-Site Scripting...

8.8 CVSS · 4.6 AI score · 0.00182 EPSS
Exploits: 0 · Affected Software: 1

Veracode
added 2022/09/19 5:49 a.m. · 21 views

Denial Of Service (DoS)

xstream is vulnerable to denial of service. The vulnerability exists due to the stack overflow in the processConverterAnnotations function of AnnotationMapper.java, allowing an attacker to cause an application crash by providing malicious input through the parser...

4.9 AI score
Exploits: 0 · References: 5 · Affected Software: 1

Gitee
added 2022/09/04 6:10 p.m. · 2 views

nuclei-templates

This is a GitHub repository for a community-curated list of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the scanner provided by the team and contributed by the community. The templates are stored in the...

6.8 AI score
Exploits: 0