The vulnerability of the export function in the libavfilter/vfsignature.c component of the FFmpeg multimedia library involves reading data beyond the permissible buffer size. This allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the export function in the libavfilter/vfsignature.c component of the FFmpeg multimedia library relates to reading data from buffers beyond their acceptable limits. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data, compromise its...
PT-2024-33682 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6; SuiteCRM versions prior to 8.7.1. Description: The issue is related to poor input validation in the export functionality, allowing an authenticated user to perform a SQL injection attack. The current post...
SUSE CVE-2024-6540
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
Cross Site Scripting (XSS)
vxe-table is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate sanitization of user-supplied input within the inputValue argument of the export function in the vxe-textarea component. It allows malicious actors to execute arbitrary JavaScript code within the context o...
CVE-2023-1001
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting...
J2EEFAST export function SQL injection vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform that is committed to building the best small and medium-sized open source free back-end framework platform. J2eeFAST v2.7.0 contains a SQL injection vulnerability; the vulnerability stems from the export function of the sqlfilte...
CVE-2024-33146
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the export function...
CVE-2024-33146
CVE-2024-33146 affects J2EEFAST v2.7.0. A SQL injection flaw exists in the export function via the sql_filter parameter, enabling manipulation of SQL statements and potential data exposure. The CVSS v3.1 base score is 9.1 (CRITICAL) with network access, no user interaction, and no privileges requ...
PT-2024-25130 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0. Description: A SQL injection issue was discovered in the export function via the sql filter parameter. This allows for potential exploitation. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to...
J2eeFAST security vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform that is committed to building the best small and medium-sized open source free back-end framework platform. J2eeFAST v2.7.0 contains a SQL injection vulnerability; the vulnerability stems from the export function of the sqlfilte...
CVE-2024-25007 Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The...
MISP security vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics with features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.187 that stems from...
CVE-2024-1645
The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export...
CVE-2024-1095
The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...
Design/Logic Flaw
The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateexportfile function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and...
PT-2023-29278 · Bestwebsoft · Profile Extra Fields
Name of the Vulnerable Software and Affected Versions: The Profile Extra Fields by BestWebSoft plugin for WordPress versions up to, and including, 1.2.7. Description: The issue is related to unauthorized access of data due to a missing capability check on the prflxtrflds export file function. This...
CVE-2021-4412
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...
WordPress Plugin WP Prayer cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...