3641 matches found
CVE-2018-20627
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box...
CVE-2018-20627
CVE-2018-20627 concerns PHP Scripts Mall Consumer Reviews Script 4.0.3, where an HTML injection vulnerability is reported via the search box. The available connected documents confirm the affected product and the attack surface but do not provide concrete details on exploit specifics, affected ve...
Microsoft Windows - '.reg' File / Dialog Box Message Spoofing
Credits: John Page (aka hyp3rlinx); Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt; ISR: ApparitionSec; Vendor: www.microsoft.com; Product: A file with the .reg file extension is a Registration file...
Microsoft Windows .Reg File / Dialog Box Message Spoofing Exploit
The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its abili...
Microsoft Windows .Reg File / Dialog Box Message Spoofing
Credits: John Page (aka hyp3rlinx); Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt; ISR: ApparitionSec; Vendor: www.microsoft.com; Product: A file with the .reg file extension is a Registration file...
Kudou Music Box PC client software suffers from a dll file loading vulnerability
Kudou Music Box is a music resource aggregator and player that combines the functions of song and MV search, download, online playback, lyrics synchronization display and so on. A dll file loading vulnerability exists in the Kudou Music Box PC client software, which can be exploited by attackers ...
DiliCMS Cross-Site Scripting Vulnerability (CNVD-2019-07939)
DiliCMS is a content management system (CMS) based on CodeIgniter. A cross-site scripting vulnerability exists in the site URL text box in DiliCMS version 2.4.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-17420
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter...
PT-2019-5750 · Poppler +4
Name of the Vulnerable Software and Affected Versions: Poppler version 0.74.0. Description: The issue is related to a heap-based buffer over-read in the downsample_row_box_filter function located in CairoRescaleBox.cc. This can potentially allow a remote attacker to access confidential data,...
Workspace: Personal Cloud Connectors
This article provides the steps necessary to utilize connectors for Box, Dropbox, and other third-party storage apps in Citrix Workspace...
CVE-2019-8911
An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box for the website statistics code...
CVE-2019-5596
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to ga...
WECON V-Box Detection (Windows SMB Login)
Detects the installed version of WECON V-Box for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
DEBIAN-CVE-2018-20751
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL...
UBUNTU-CVE-2018-20751
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL...
Meta Box < 4.16.3 - Unauthorised File Deletion
The Meta Box – WordPress Custom Fields Framework WordPress plugin was affected by an Unauthorised File Deletion security vulnerability...
Meta Box < 4.16.2 - Mishandled Uploaded Files
The Meta Box – WordPress Custom Fields Framework WordPress plugin was affected by a Mishandled Uploaded Files security vulnerability...
CVE-2018-17703
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-17688
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...