UBUNTU-CVE-2021-31254
Buffer overflow in the tencboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related to invalid IV sizes...
UBUNTU-CVE-2021-31255
Buffer overflow in the abstboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...
Command Execution Vulnerability in Barclay Box DM4036
Ltd. is a wholly-owned subsidiary of Damai Technology - Dr. Peng Group. Based on the extensive coverage of the Group's broadband business, it is committed to the research, development and application of a full range of intelligent terminal products for users' future work and life. A command...
GPAC Buffer Error Vulnerability
GPAC is a multimedia framework for rich media, distributed under the LGPL license. A buffer overflow vulnerability exists in the tencboxread function in MP4Box in GPAC version 1.0.1. An attacker could exploit this vulnerability via specially crafted files to cause a denial of service or execut...
GPAC Buffer Error Vulnerability
GPAC is a multimedia framework for rich media, distributed under the LGPL license. A buffer overflow vulnerability exists in the abstboxread function in MP4Box in GPAC version 1.0.1. An attacker could exploit this vulnerability via specially crafted files to cause a denial of service or execut...
CVE-2021-24205
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget includes/widgets/icon-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifi...
CVE-2021-24206
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...
Design/Logic Flaw
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...
CVE-2021-24205 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget includes/widgets/icon-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifi...
CVE-2021-24206 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...
WordPress Elementor Website Builder Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
SQL Injection Vulnerability in Enterprise Magic Box
Enterprise WeChat Magic Box is an Enterprise WeChat SCRM and Enterprise WeChat third-party platform source code system, with which you can quickly deploy your own Enterprise WeChat management system, Enterprise WeChat SCRM system, or session archive source code system. Enterprise WeChat Magic Box has ...
CVE-2021-3467
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...
AZL-6495 CVE-2021-3467 affecting package jasper for versions less than 2.0.32-2
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...
UBUNTU-CVE-2021-3467
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...
JasPer Code Issue Vulnerability
JasPer is an open source project that aims to provide a free software-based reference implementation of the codecs specified in the JPEG-2000 Part-1 standard. A null pointer dereference vulnerability exists in versions of Jasper prior to 2.0.26. The vulnerability stems from a problem with the way...
CVE-2021-25278
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...
Design/Logic Flaw
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...
Session fixation
FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component...