Lucene search
K

44 matches found

pypa
pypa
added 2022/07/06 6:15 p.m.8 views

PYSEC-2022-233

opensshkeyparser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

7.7CVSS6.8AI score0.01239EPSS
Exploits1References5Affected Software1
osv
osv
added 2022/05/13 1:26 a.m.1 views

GHSA-29RM-6752-GVWV Code execution in Apache Struts 1 plugin

The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

9.8CVSS7.4AI score0.99461EPSS
Exploits42References10
attackerkb
attackerkb
added 2022/01/29 11:15 p.m.5 views

CVE-2022-24124

The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations...

7.5CVSS5.7AI score0.58927EPSS
Exploits9References6
bdu_fstec
bdu_fstec
added 2021/03/11 12:0 a.m.6 views

The vulnerability of the SetFieldValue command implementation in the Foxit Reader text viewer and Foxit PhantomPDF PDF editing program allows a perpetrator to execute arbitrary code.

The vulnerability of the GetFieldValue function implementation in programs for displaying text in Foxit Reader and editing PDF files in Foxit PhantomPDF is related to data type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

10CVSS7.6AI score0.04689EPSS
Exploits0References4Affected Software2
bdu_fstec
bdu_fstec
added 2021/03/11 12:0 a.m.6 views

The vulnerability of the GetFieldValue function implementation in the program for displaying text in Foxit Reader and the PDF editing program Foxit PhantomPDF allows a perpetrator to execute arbitrary code.

The vulnerability of the GetFieldValue function implementation in programs for displaying text in Foxit Reader and editing PDF files in Foxit PhantomPDF is related to data type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

10CVSS7.6AI score0.04689EPSS
Exploits0References4Affected Software2
cnvd
cnvd
added 2020/07/29 12:0 a.m.2 views

WordPress Email Subscribers & Newsletters SQL Injection Vulnerability (CNVD-2020-44907)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A SQL injection vulnerability exists in...

4.9CVSS7.9AI score0.01966EPSS
Exploits2References1
osv
osv
added 2020/04/22 9:15 p.m.5 views

CVE-2020-10911

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.2AI score0.04689EPSS
Exploits0References2
nvd
nvd
added 2019/10/10 10:15 p.m.22 views

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS9.5AI score0.0558EPSS
Exploits1References11
cnvd
cnvd
added 2019/08/01 12:0 a.m.1 views

Eclipse OpenJ9 Competitive Conditions Issue Vulnerability

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A Competing Conditions Issue vulnerability exists in Eclipse OpenJ9 versions prior to 0.15. The vulnerability stems from improper handling of concurrent access when...

7.4CVSS6.9AI score0.01468EPSS
Exploits0References1
osv
osv
added 2019/06/03 7:29 p.m.3 views

CVE-2019-6771

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.5CVSS5.3AI score0.02652EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2019/04/29 12:0 a.m.3 views

PT-2019-18331 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2019.010.20098 Description: This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious...

5.5CVSS4AI score0.02652EPSS
Exploits0References3
cnvd
cnvd
added 2017/12/21 12:0 a.m.5 views

Foxit Reader value attribute remote code execution vulnerability

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A remote code execution vulnerability exists in the value property of the Field object in Foxit Reader version 8.3.1.21155, which originates from the program failing to validate the existence of an object before...

8.8CVSS8.4AI score0.0259EPSS
Exploits0References1
zdi
zdi
added 2017/11/14 12:0 a.m.34 views

Foxit Reader Field value Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute...

6.8CVSS8.7AI score0.0259EPSS
Exploits0References1
cnvd
cnvd
added 2017/07/28 12:0 a.m.5 views

FFmpeg Denial of Service Vulnerability (CNVD-2017-26316)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ffamfgetfieldvalue' function in the libavformat/rtmppkt.c file in FFmpeg version 3.3.2. A remote attacker can exploit this vulnerability to cause a...

7.5CVSS7.4AI score0.02362EPSS
Exploits0References1
redhatcve
redhatcve
added 2017/07/10 7:19 p.m.46 views

CVE-2017-9791

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

9.8CVSS4.3AI score0.98931EPSS
Exploits19References2
atlassian
atlassian
added 2014/02/20 12:35 p.m.222 views

Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-37117. panel If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible to all...

2.7AI score
Exploits0Affected Software1
freebsd
freebsd
added 2013/02/19 12:0 a.m.47 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...

5CVSS6.7AI score0.01657EPSS
Exploits0References2
nvd
nvd
added 2011/02/28 4:0 p.m.18 views

CVE-2011-1008

ScripsOverlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information,...

4CVSS6.2AI score0.01533EPSS
Exploits0References15
atlassian
atlassian
added 2009/07/28 5:51 a.m.28 views

Allow issue security level to use any custom field that implements UserCFNotificationTypeAware

It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you had a security level that was only the reporter and the assignee, if the issue needs to get reassigned the issue could still be seen by the original assignee. The JIRA...

0.6AI score
Exploits0Affected Software1
zdt
zdt
added 2008/12/23 12:0 a.m.49 views

phpLD 3.3 (page.php name) Blind SQL Injection Vulnerability

Exploit for unknown platform in category web applications =========================================================== phpLD 3.3 page.php name Blind SQL Injection Vulnerability =========================================================== phpLD 3.3 Blind SQL Injection http://www.phplinkdirectory.com...

7.1AI score
Exploits0
Rows per page
Query Builder