44 matches found
PYSEC-2022-233
opensshkeyparser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...
GHSA-29RM-6752-GVWV Code execution in Apache Struts 1 plugin
The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
CVE-2022-24124
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations...
The vulnerability of the SetFieldValue command implementation in the Foxit Reader text viewer and Foxit PhantomPDF PDF editing program allows a perpetrator to execute arbitrary code.
The vulnerability of the GetFieldValue function implementation in programs for displaying text in Foxit Reader and editing PDF files in Foxit PhantomPDF is related to data type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of the GetFieldValue function implementation in the program for displaying text in Foxit Reader and the PDF editing program Foxit PhantomPDF allows a perpetrator to execute arbitrary code.
The vulnerability of the GetFieldValue function implementation in programs for displaying text in Foxit Reader and editing PDF files in Foxit PhantomPDF is related to data type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
WordPress Email Subscribers & Newsletters SQL Injection Vulnerability (CNVD-2020-44907)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A SQL injection vulnerability exists in...
CVE-2020-10911
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Eclipse OpenJ9 Competitive Conditions Issue Vulnerability
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A Competing Conditions Issue vulnerability exists in Eclipse OpenJ9 versions prior to 0.15. The vulnerability stems from improper handling of concurrent access when...
CVE-2019-6771
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
PT-2019-18331 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2019.010.20098 Description: This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious...
Foxit Reader value attribute remote code execution vulnerability
Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A remote code execution vulnerability exists in the value property of the Field object in Foxit Reader version 8.3.1.21155, which originates from the program failing to validate the existence of an object before...
Foxit Reader Field value Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute...
FFmpeg Denial of Service Vulnerability (CNVD-2017-26316)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ffamfgetfieldvalue' function in the libavformat/rtmppkt.c file in FFmpeg version 3.3.2. A remote attacker can exploit this vulnerability to cause a...
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-37117. panel If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible to all...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...
CVE-2011-1008
ScripsOverlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information,...
Allow issue security level to use any custom field that implements UserCFNotificationTypeAware
It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you had a security level that was only the reporter and the assignee, if the issue needs to get reassigned the issue could still be seen by the original assignee. The JIRA...
phpLD 3.3 (page.php name) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications =========================================================== phpLD 3.3 page.php name Blind SQL Injection Vulnerability =========================================================== phpLD 3.3 Blind SQL Injection http://www.phplinkdirectory.com...