3642 matches found
CVE-2022-24249
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtraboxwrite function in /boxcodebase.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871...
UBUNTU-CVE-2022-24249
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtraboxwrite function in /boxcodebase.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871...
GPAC Code Issue Vulnerability
GPAC is an open source multimedia framework. GPAC 1.1.0 contains a null pointer dereference in the xtraboxwrite function in /boxcodebase.c, which can lead to a denial of service. No details of the vulnerability are currently available...
CVE-2021-46445
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?boxgroupid...
Mageia: Security Advisory (MGASA-2019-0236)
The remote host is missing an update for the...
CVE-2021-46083
uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code...
Cross site scripting
uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code...
Cross site scripting
A problem was found in ForestBlog: as of 2021-12-29, there is an XSS vulnerability that can be injected through the nickname input box...
CVE-2021-46084
CVE-2021-46084 affects uscat, a forum system based on Javaex + Ssm. The vulnerability is a Cross Site Scripting (XSS) issue via the "close registration information" input box. The connected documents confirm the vulnerability exists but do not provide exploitation details, affected versions, or r...
CVE-2021-46034
ForestBlog is affected by a cross-site scripting (XSS) vulnerability exploitable via the nickname input box. The issue stems from insufficient validation of client-side data, allowing injected JavaScript to execute in the victim’s browser. Public references describe the vulnerability across multi...
Uscat Cross-Site Scripting Vulnerability
Uscat is a forum system based on Javaex + Ssm development. A cross-site scripting vulnerability exists in uscat: the input box of the statistical code is susceptible to cross-site scripting (XSS) attacks...
Box 2FA Bypass Opens User Accounts to Attack
UPDATE A security hole in Box, the cloud-based file-sharing service, paved the way for busting its multifactor authentication (MFA), researchers said – and it’s the second such MFA bypass they have discovered in the service so far. Clearly, the stakes are high – gaining access to a Box account coul...
Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts
Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box...
DEBIAN-CVE-2021-40569
The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the ilocentrydel function in boxcodemeta.c, which allows attackers to cause a denial of service...
DEBIAN-CVE-2021-40571
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilstboxread function in boxcodeapple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...
CVE-2021-40571
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilstboxread function in boxcodeapple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...
PT-2022-11263 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: Gpac version 1.0.1 Description: The issue is related to a double-free vulnerability in the ilst box read function in box code apple.c, which can be exploited by attackers to cause a denial of service, potentially leading to code execution and...
PT-2022-11957 · Lorensbergs · Lorensbergs Connect2
Name of the Vulnerable Software and Affected Versions: Lorensbergs Connect2 version 3.13.7647.20190 Description: The issue concerns an XSS vulnerability that requires administrator privileges to exploit. It is performed through the Wizard editor of the application, where an administrator must ent...