Lucene search

813 matches found

NVD
added 2023/05/04 5:15 p.m. · 9 views

CVE-2023-2520

A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049202303031001 and classified as critical. This issue affects some unknown processing of the file cgi-bin/toolsping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection...

9.8 CVSS · 9.5 AI score · 0.01658 EPSS
Exploits 0 · References 3
Prion
added 2023/04/28 1:15 p.m. · 12 views

SQL injection

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/managerestriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The explo...

5.8 CVSS · 9.7 AI score · 0.00311 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 2023/04/21 10:15 a.m. · 8 views

CVE-2023-2214

A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/managesale.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has...

7.5 CVSS · 6.9 AI score · 0.0027 EPSS
Exploits 1 · References 3
NVD
added 2023/04/15 11:15 a.m. · 10 views

CVE-2023-2095

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/managecategory.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...

9.8 CVSS · 7.4 AI score · 0.00291 EPSS
Exploits 1 · References 3
NVD
added 2023/04/14 8:15 p.m. · 9 views

CVE-2023-2077

A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0. This issue affects some unknown processing of the file /admin/offenses/viewdetails.php. The manipulation of the argument id leads to cross site scripting. The attack may...

6.1 CVSS · 4.5 AI score · 0.0025 EPSS
Exploits 1 · References 3
Prion
added 2023/04/14 8:15 p.m. · 9 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0. This issue affects some unknown processing of the file /admin/offenses/viewdetails.php. The manipulation of the argument id leads to cross site scripting. The attack may...

4 CVSS · 6 AI score · 0.0025 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/04/14 8:15 a.m. · 9 views

CVE-2023-2039

A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been...

8.8 CVSS · 7.4 AI score
Exploits 0 · References 3
Prion
added 2023/04/14 8:15 a.m. · 12 views

SQL injection

A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been...

6.5 CVSS · 8.9 AI score · 0.00346 EPSS
Exploits 1 · References 3 · Affected Software 1
Redos
added 2023/04/11 12:0 a.m. · 55 views

ROS-20230411-01

The CairoSVG SVG converter vulnerability is related to insufficient validation of user input during SVG file processing. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive data located on a local network or send malicious requests to other servers from...

9.9 CVSS · 6.6 AI score · 0.00086 EPSS
Exploits 0
SUSE CVE
added 2023/03/31 1:59 a.m. · 1 views

SUSE CVE-2021-33642

When a file is processed, an infinite loop occurs in nextinline of the morecurly function...

5.5 CVSS · 7 AI score · 0.00043 EPSS
Exploits 0 · References 3
RedhatCVE
added 2023/03/30 12:58 p.m. · 19 views

CVE-2021-33642

When a file is processed, an infinite loop occurs in nextinline of the morecurly function...

5.5 CVSS · 8.4 AI score · 0.00043 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/03/29 12:0 a.m. · 4 views

CVE-2022-2561

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 6.9 AI score · 0.00754 EPSS
Exploits 0 · References 2
Debian CVE
added 2023/03/20 3:23 p.m. · 31 views

CVE-2023-27586

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS · 8.2 AI score · 0.00086 EPSS
Exploits 0
Positive Technologies
added 2023/03/14 12:0 a.m. · 1 views

PT-2023-1926 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier

Description: The issue is related to an out-of-bounds write vulnerability in Adobe Dimension when processing OBJ files. This can allow an attacker to execute arbitrary code with the help of a special...

7.8 CVSS · 7.8 AI score · 0.00097 EPSS
Exploits 0 · References 7
Prion
added 2023/03/05 8:15 p.m. · 10 views

Design/Logic Flaw

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be...

5.8 CVSS · 6.4 AI score · 0.00272 EPSS
Exploits 0 · References 5 · Affected Software 1
SUSE CVE
added 2023/02/15 4:49 a.m. · 1 views

SUSE CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

9.8 CVSS · 9.5 AI score · 0.06144 EPSS
Exploits 0 · References 3
CNVD
added 2023/02/15 12:0 a.m. · 11 views

LibTIFF tiffcrop.c:3516 Buffer Overflow Vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. LibTIFF suffers from a buffer overflow vulnerability that originates from a boundary error in tiffcrop at tools/tiffcrop.c:3516 when processi...

6.8 CVSS · 7.1 AI score · 0.00026 EPSS
Exploits 1 · References 1
OSV
added 2023/02/10 11:4 a.m. · 1 views

OESA-2023-1078 libXpm security update

X.Org X11 libXpm runtime library Security Fixes: A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user t...

8.8 CVSS · 6.9 AI score · 0.00184 EPSS
Exploits 2 · References 4
OSV
added 2023/02/07 7:15 p.m. · 1 views

AZL-13248 CVE-2022-4883 affecting package libXpm for versions less than 3.5.17-1

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

8.8 CVSS · 6.8 AI score · 0.00184 EPSS
Exploits 0 · References 1
Prion
added 2023/02/07 7:15 p.m. · 17 views

Design/Logic Flaw

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

6.5 CVSS · 8.5 AI score · 0.00184 EPSS
Exploits 0 · References 5 · Affected Software 1