3642 matches found
CVE-2021-25278
The FTAPI vulnerability CVE-2021-25278 affects FTAPI versions 4.0–4.10 and is a cross-site scripting flaw in the Background Image upload feature of the Submit Box Template Editor. An attacker can exploit the issue by uploading an SVG file containing embedded JavaScript, which may compromise a vic...
DEBIAN-CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions...
FTAPI Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in FTAPI 4.0 - 4.10, which allows the passage of a crafted filename to an alternate text hover box in the file submission component...
FTAPI SecuTransfer Cross-Site Scripting Vulnerability
FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
In the plugin, the icon box widget includes/widgets/icon-box.php accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in...
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
In the plugin, the image box widget includes/widgets/image-box.php accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript ...
VulnCheck KEV: CVE-2021-24206
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...
A vulnerability in the downsample_row_box_filterf function in poppler/CairoRescaleBox.cc, part of a library for displaying PDF files, allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the downsample_row_box_filterf function in poppler/CairoRescaleBox.cc, part of a library used for displaying PDF files, involves reading data beyond the allowable buffer size. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its...
CVE-2021-27187
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked...
How to configure registry settings for Microsoft Azure Data Box device
Reference Article This article is referenced by the Veeam Backup & Replication User Guide. Adding Azure Data Box Storage: Before You Begin Before you add Microsoft Azure Data Box to the Veeam Backup & Replication backup infrastructure, create the following registry key on Veeam Backup Server: Key...
CVE-2021-0340
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions...
Exploit for Command Injection in Rapid7 Metasploit
CVE-2020-7384 This is a small exploit in bash which I had mad...
CVE-2020-29165
Affected software: PacsOne Server (PACS Server In One Box). Vulnerable if running versions below 7.1.1. Root cause: incorrect access control leading to remote elevation of privileges to administrator. Impact: potential remote admin access if exploited. Public exploitation/attack specifics are not...
CVE-2020-29164
CVE-2020-29164 concerns PacsOne Server (PACS Server In One Box)
abracadabra (>=0.0.0 <=0.0.5), adversarial-labeller (=0.1.8) +210 more potentially affected by CVE-2021-23980 via bleach (>=1.2.2 <=3.2.3)
bleach PYPI version =1.2.2, =0.0.0, =1.0.0, =0.0.1, =1.10.0, =0.1.0, =0.0.6, =0.3.0, =0.0.9, =0.3.4, =0.0.5, =0.1.0rc1, =0.1.3, =1.0.0 and more Source cves: CVE-2021-23980 Source advisory: OSV:PYSEC-2021-865...
A vulnerability in the Dialog Box component of the application for technical maintenance, repair, and major equipment overhauls allows an attacker to gain unauthorized access to protected information or to obtain read, add, or delete privileges over the data.
The vulnerability in the Dialog Box component of the application for maintenance, repair, and major equipment overhauls, Oracle Complex Maintenance, Repair, and Overhaul, stems from deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
A vulnerability in the Dialog Box component of the application for technical maintenance, repair, and major equipment overhauls allows an attacker to gain unauthorized access to protected information or to obtain read, add, or delete data permissions.
The vulnerability in the Dialog Box component of the application for maintenance, repair, and major equipment overhauls, Oracle Complex Maintenance, Repair, and Overhaul, stems from deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...