83 matches found

CNVD
added 2022/03/18 12:0 a.m. | 15 views

Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22699)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. 10.4.0 versions of Pimcore before the...

CVSS 5.4 | AI score 3.1 | EPSS 0.00537
Exploits: 1 | References: 1

OSV
added 2021/08/30 4:13 p.m. | 15 views

GHSA-PP2H-95HM-HV9R Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

Impact: Data Object CSV import allows formula injection. Patches: Problem is patched in 10.1.1. Workarounds: Apply https://github.com/pimcore/pimcore/pull/9992.patch References: https://cwe.mitre.org/data/definitions/1236.html...

CVSS 8.8 | AI score 8.8 | EPSS 0.0106
Exploits: 0 | References: 4

Github Security Blog
added 2021/08/30 4:13 p.m. | 40 views

Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

Impact: Data Object CSV import allows formula injection. Patches: Problem is patched in 10.1.1. Workarounds: Apply https://github.com/pimcore/pimcore/pull/9992.patch References: https://cwe.mitre.org/data/definitions/1236.html...

CVSS 8.8 | AI score 8.7 | EPSS 0.0106
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2021/08/19 12:0 a.m. | 18 views

Pimcore Formula Injection Vulnerability

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore versions prior to 10.1.1 have a...

CVSS 8.8 | AI score 4.7 | EPSS 0.0106
Exploits: 0 | References: 1

NVD
added 2021/08/18 3:15 p.m. | 14 views

CVE-2021-37702

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...

CVSS 8.8 | EPSS 0.0106
Exploits: 0 | References: 2

Prion
added 2021/08/18 3:15 p.m. | 14 views

Design/Logic Flaw

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...

CVSS 6.5 | AI score 8.8 | EPSS 0.0106
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/08/18 2:45 p.m. | 18 views

CVE-2021-37702 Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...

CVSS 8 | AI score 9 | EPSS 0.0106
Exploits: 0 | References: 2

CNNVD
added 2021/08/18 12:0 a.m. | 6 views

Pimcore Security Vulnerability

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore versions prior to 10.1.1 have a...

CVSS 8.8 | AI score 5.7 | EPSS 0.0106
Exploits: 0 | References: 3

Packet Storm
added 2021/03/29 12:0 a.m. | 361 views

Concrete5 8.5.4 Cross Site Scripting

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

CVSS 3.5 | EPSS 0.03008
Exploits: 5

Exploit DB
added 2021/03/29 12:0 a.m. | 296 views

Concrete5 8.5.4 - 'name' Stored XSS

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

CVSS 4.8 | AI score 5.6 | EPSS 0.03008
Exploits: 5

OSV
added 2021/01/08 3:15 p.m. | 3 views

CVE-2021-3111

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI...

CVSS 4.8 | AI score 6 | EPSS 0.03008
Exploits: 5 | References: 5

RedHat Linux
added 2020/09/29 8:40 p.m. | 9 views

QEMU: vnc: memory leakage upon disconnect

A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection,...

CVSS 3.5 | AI score 7.1 | EPSS 0.00866
Exploits: 0 | References: 5

UbuntuCve
added 2020/07/14 6:15 p.m. | 15 views

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CVSS 7.5 | AI score 7 | EPSS 0.00629
Exploits: 0 | References: 3

OSV
added 2020/01/13 7:15 a.m. | 2 views

UBUNTU-CVE-2020-6860

libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute...

CVSS 8.8 | AI score 6.9 | EPSS 0.01668
Exploits: 1 | References: 4

Prion
added 2019/09/08 3:15 a.m. | 13 views

Design/Logic Flaw

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...

CVSS 7.5 | AI score 9.4 | EPSS 0.0153
Exploits: 0 | References: 2 | Affected Software: 2

BDU FSTEC
added 2019/03/06 12:0 a.m. | 1 views

The vulnerability of the Vijeo Designer Lite software lies in its insufficient control over memory boundaries, allowing a malicious actor to cause system failures in the application.

The vulnerability of the Vijeo Designer Lite software is related to insufficient control over memory boundaries during operation. Exploiting this vulnerability can allow an attacker to cause a malfunction of the application upon opening a DOP project file...

CVSS 7.8 | AI score 5.5
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2019/01/24 4:29 a.m. | 14 views

CVE-2018-17696

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 8.8 | EPSS 0.03855
Exploits: 0 | References: 2

CNVD
added 2018/08/01 12:0 a.m. | 2 views

Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-15069)

Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use, runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...

CVSS 8.8 | AI score 8.8 | EPSS 0.02773
Exploits: 0 | References: 1

Hacker One
added 2017/07/27 2:38 p.m. | 21 views

OLX: I found a way to instantly take over ads by other users and change them (IDOR)

A local LetGo webpage was vulnerable to an Insecure Data Object Reference issue which could have led to ad hijack or settings change (price, description, location). @kciredor discovered this vulnerability and notified us about this. We would like to thank you for this report. Please do not hesitate t...

AI score 0.2
Exploits: 0

OSV
added 2017/04/12 11:59 p.m. | 1 views

DEBIAN-CVE-2017-7704

In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value...

CVSS 7.5 | AI score 7.5 | EPSS 0.02709
Exploits: 0 | References: 1