CVE-2023-34295
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target...
PT-2024-22870 · Addactis · Addactis Ibnrs
Name of the Vulnerable Software and Affected Versions: Addactis IBNRS version 3.10.3.107. Description: The issue allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles, and Yield Curve Name...
SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threading, ensuring speed and efficiency. Unlike other scanners,...
Important: libtiff
Issue Overview: An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. CVE-2023-6277. Affected Packages: libtiff. Issue Correction: Run yum update libtiff or yu...
VulnCheck KEV: CVE-2023-7101
Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...
Cisco Identity Services Engine Arbitrary File Write (cisco-sa-ise-mult-j-KxpNynR)
According to its self-reported version, Cisco Identity Services Engine is affected by an arbitrary file write vulnerability that can be exploited by a remote, authenticated attacker due to insufficient file input validation. Please see the included Cisco BIDs and Cisco Security Advisory for more...
AZL-31903 CVE-2023-46848 affecting package squid 5.7-5
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input...
CVE-2023-4508
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...
UBUNTU-CVE-2023-4508
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...
Design/Logic Flaw
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...
CVE-2023-4508
CVE-2023-4508 affects Gerbv versions 2.4.0–2.10.0, with out-of-bounds memory access when parsing RS-274X files, causing a crash and potential denial-of-service. Connected advisories confirm the issue across distributions (Debian/Ubuntu/OpenSUSE) and indicate fixed versions in respective releases;...
CVE-2023-4508 Denial of Service in Gerbv
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...
GHSA-X456-3CCM-M6J4 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
Summary: A malicious web server can read arbitrary files on the client using a file input inside an HTML form. Details: This affects the extremely common pattern of form submission: b = mechanicalsoup.StatefulBrowser(); b.select_form(...); b.submit_selected(). The problem is with the code in...
DEBIAN-CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a file input inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
UBUNTU-CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a file input inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a file input inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
PT-2023-24889 · Unknown +1 · Mechanicalsoup +1
Name of the Vulnerable Software and Affected Versions: MechanicalSoup versions 0.2.0 through 1.2.x. Description: A malicious web server can read arbitrary files on the client using a file input inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific and...
SUSE CVE-2023-3430
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial ...