94 matches found
CVE-2024-41597
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful...
Fedora 39 : w3m (2024-3fc66f8bf3)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3fc66f8bf3 advisory. - Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 2222775, 2222780, 2255207...
CVE-2023-4255
An out-of-bounds write issue has been discovered in the backspace handling of the checkType function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes,...
w3m Security Vulnerabilities
w3m is a WWW-enabled pager from the personal developer Tatsuya Kinoshita. A security vulnerability exists in W3M, which stems from an out-of-bounds write issue found in the checkType function's backspace handling in etc.c. The vulnerability can be triggered by supplying a specially crafted HTML...
CVE-2023-45281
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file...
CVE-2023-45281
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file...
CVE-2023-39612
A cross-site scripting XSS vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL...
CVE-2023-41637
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2023-41637
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...
xuxueli xxl-job Cross-Site Request Forgery Vulnerability
Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...
GHSA-JP5R-4X9Q-4VCF xuxueli xxl-job Cross-Site Request Forgery Vulnerability
Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...
CVE-2020-24922
Cross Site Request Forgery CSRF vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file...
CVE-2023-37733
An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...
CVE-2023-37733
An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...
CVE-2023-38253
An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
Design/Logic Flaw
An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
CVE-2023-38253
An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
CVE-2023-38253 W3m: out of bounds read in growbuf_to_str() at w3m/indep.c
An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
CVE-2023-38252 W3m: out of bounds read in strnew_size() at w3m/str.c
An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...