
1712 matches found

Zero Day Initiative
added 2023/11/27 12:0 a.m. · 15 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 · AI score 7.7 · EPSS 0.01415
Exploits 0 · References 1

CNNVD
added 2023/11/22 12:0 a.m. · 2 views

DOMSanitizer Security Vulnerability

DOMSanitizer is a DOM (Document Object Model) security operation or filter by Andy Miller, a personal developer. A security vulnerability exists in versions of DOMSanitizer prior to 1.0.7 that stems from mishandling of annotations and greedy regular expressions, allowing cross-site scripting (XSS)...

CVSS 6.1 · AI score 5.9 · EPSS 0.00094
Exploits 0 · References 3

RedHat Linux
added 2023/11/14 3:46 p.m. · 1 views

kernel: tick/nohz: unexport __init-annotated tick_nohz_full_setup()

In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport __init-annotated tick_nohz_full_setup(). EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to ...

CVSS 5.5 · AI score 6.3 · EPSS 0.00064
Exploits 0 · References 5

Zero Day Initiative
added 2023/11/14 12:0 a.m. · 20 views

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 3.3 · AI score 6.3 · EPSS 0.00279
Exploits 0 · References 1

Positive Technologies
added 2023/11/14 12:0 a.m. · 2 views

PT-2023-29238 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified
Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a maliciou...

CVSS 5.5 · AI score 7 · EPSS 0.00279
Exploits 0 · References 3

Prion
added 2023/11/09 3:15 p.m. · 17 views

Format string

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

CVSS 6.5 · AI score 7.5 · EPSS 0.00824
Exploits 3 · References 4 · Affected Software 1

CVE
added 2023/11/09 2:42 p.m. · 60 views

CVE-2023-43791

Label Studio (before 1.8.2) is affected by an ORM Leak chain that can impersonate any account, enabling privilege escalation to a Django Super Administrator. A patch was introduced in 1.8.2. Public references describe a hard-coded SECRET_KEY vulnerability and a follow-on exploit path that leverag...

CVSS 9.8 · AI score 9.6 · EPSS 0.00824
Exploits 3 · References 4 · Affected Software 1

NVD
added 2023/11/04 12:15 a.m. · 9 views

CVE-2023-40215

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.6 · AI score 7.4 · EPSS 0.00152
Exploits 0 · References 1

OSV
added 2023/11/04 12:15 a.m. · 1 views

CVE-2023-40215

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.2 · AI score 7.3 · EPSS 0.00152
Exploits 0 · References 1

Prion
added 2023/11/04 12:15 a.m. · 115 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 5.8 · AI score 7.3 · EPSS 0.00152
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/11/04 12:0 a.m. · 1 views

WordPress Plugin demon image annotation SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 7.2 · AI score 7.7 · EPSS 0.00152
Exploits 0 · References 2

Vulnrichment
added 2023/11/03 11:15 p.m. · 14 views

CVE-2023-40215 WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.6 · AI score 7.8 · EPSS 0.00152
Exploits 0 · References 1

Cvelist
added 2023/11/03 11:15 p.m. · 12 views

CVE-2023-40215 WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.6 · AI score 7.6 · EPSS 0.00152
Exploits 0 · References 1

CVE
added 2023/11/03 11:15 p.m. · 44 views

CVE-2023-40215

CVE-2023-40215 refers to a WordPress plugin vulnerability in the Demon image annotation plugin (demon-image-annotation). The issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting versions listed as n/a through 5.1. Public sources corroborate th...

CVSS 7.6 · AI score 7.8 · EPSS 0.00152
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/11/03 12:0 a.m. · 2 views

PT-2023-27332 · Unknown · Demon Image Annotation

Name of the Vulnerable Software and Affected Versions: demon image annotation versions n/a through 5.1
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 7.2 · AI score 9.9 · EPSS 0.00152
Exploits 0 · References 4

SUSE CVE
added 2023/10/27 12:56 a.m. · 1 views

SUSE CVE-2023-5043

Ingress nginx annotation injection causes arbitrary command execution...

CVSS 8.8 · AI score 7.8 · EPSS 0.04102
Exploits 0 · References 4

SUSE CVE
added 2023/10/27 12:56 a.m. · 3 views

SUSE CVE-2023-5044

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation...

CVSS 8.8 · AI score 9 · EPSS 0.08939
Exploits 2 · References 4

Github Security Blog
added 2023/10/25 9:30 p.m. · 51 views

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the...

CVSS 8.8 · AI score 8 · EPSS 0.08939
Exploits 2 · References 6 · Affected Software 1

Github Security Blog
added 2023/10/25 9:30 p.m. · 39 views

Ingress nginx annotation injection causes arbitrary command execution

Issue Details: A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx...

CVSS 8.8 · AI score 7.4 · EPSS 0.04102
Exploits 0 · References 6 · Affected Software 1

NVD
added 2023/10/25 8:15 p.m. · 20 views

CVE-2023-5043

Ingress nginx annotation injection causes arbitrary command execution...

CVSS 8.8 · AI score 8.5 · EPSS 0.04102
Exploits 0 · References 4