83 matches found
Pimcore 11.4.2 - Stored cross site scripting
Exploit Title: Authenticated Stored Cross-Site Scripting XSS Via Search Document Google Dork: N/A Date: 1/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore 10.5.x prior to 10.5.21 and 11.x prior to 11.1.1 Test...
CVE-2024-11155
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To...
Rockwell Automation Arena 安全漏洞
Rockwell Automation Arena is a discrete event simulation and automation software from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Arena version 16.20.03 and earlier, which stems from an out-of-bounds write code execution vulnerability that allows a threat...
PT-2024-9188 · Rockwell Automation · Rockwell Automation Arena
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena versions prior to 16.20.00 Description: A "use after free" code execution issue exists in the Rockwell Automation Arena that could allow a threat actor to craft a DOE file and force the software to use a resource tha...
CVE-2024-43931
CVE-2024-43931 is a Deserialization of Untrusted Data vulnerability in JobSearch (WP Job Board) that allows PHP Object Injection in unauthenticated context. The issue affects JobSearch versions up to 2.5.3 and has a high impact profile (CVSS 3.1, base score 9.8, CRITICAL). The connected documents...
The vulnerability of the implementation of the ColladaParser::ExtractDataObjectFromChannel() function in the Open Asset Import Library (Assimp) library allows a malicious actor to obtain unauthorized access to confidential information.
The vulnerability of the ColladaParser::ExtractDataObjectFromChannel function in the Open Asset Import Library Assimp import library is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential information...
DEBIAN-CVE-2024-26995
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pdset Off-by-one errors happen because nrsnkpdo and nrsrcpdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...
UBUNTU-CVE-2024-26995
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pdset Off-by-one errors happen because nrsnkpdo and nrsrcpdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...
kernel: Kernel: Denial of Service due to memory leak in PCI/DOE
A flaw was found in the Linux kernel. A local attacker with low privileges could exploit a memory leak vulnerability in the PCI-e Data Object Exchange PCI/DOE subsystem. This occurs when a PCI/DOE task completes, but its associated work structure is not properly destroyed, leading to a continuous...
kernel: PCI/DOE: Fix destroy_work_on_stack() race
A race condition flaw was found in the Linux kernel's PCI Data Object Exchange DOE implementation. The destroyworkonstack function is called after signaling completion, creating a race where the work struct can go out of scope before being destroyed. This triggers debug object warnings when...
The vulnerability in the exportDataObject API of the Foxit Reader text viewing application, which allows a hacker to execute arbitrary code.
The vulnerability of the exportDataObject API in the Foxit Reader text viewer software is related to improper checking of dangerous extensions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created file...
CVE-2023-35985
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. ...
PT-2023-7348 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions 12.1.3.15356 Description: The issue is related to errors in processing hyperlinks and mistreatment of whitespace characters in the Javascript exportDataObject API. This can allow a remote attacker to execute arbitrar...
PortlandLabs Concrete CMS Custom Label Fields Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in the PortlandLabs Concrete CMS Custom Label field. The vulnerability stems from the lack of effective filtering and escaping...
PortlandLabs Concrete CMS 跨站脚本漏洞
PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in the PortlandLabs Concrete CMS Custom Label field. The vulnerability stems from the lack of effective filtering and escaping...
PT-2023-26300 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a maliciou...
Pimcore 跨站脚本漏洞
Pimcore is Austria's Pimcore company's set of open source for the creation and management of Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerabilit...
SUSE CVE-2012-3450
pdosqlparser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted paramet...
PYSEC-2023-290
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...
UBUNTU-CVE-2022-45748
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...