Cross site scripting
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout...
CVE-2023-44771
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout...
Zenario CMS Cross-Site Scripting Vulnerability
Zenario CMS is a Zenario open source application that provides a Web-based content management system. A cross-site scripting vulnerability exists in Zenario CMS version v.9.4.59197, which stems from the presence of a cross-site scripting (XSS) vulnerability. An attacker can exploit this vulnerability ...
CVE-2023-44771
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout...
CVE-2023-44011
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component...
PT-2023-29066 · Unknown · Mojoportal
Name of the Vulnerable Software and Affected Versions: mojoPortal version 2.7.0.0 Description: An issue in mojoPortal allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. Recommendations: For mojoPortal version...
The vulnerability of the hb-ot-layout-gsubgpos.hh component in the Harfbuzz text transformation library allows an attacker to cause a service failure.
The vulnerability of the hb-ot-layout-gsubgpos.hh component in the Harfbuzz text transformation library is related to unlimited resource allocation. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
SQL injection
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to...
Account takeover via SQL Injection in UI layout preferences in GLPI
[email protected] reports: GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL...
CVE-2023-41320 Account takeover via SQL Injection in UI layout preferences in GLPI
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to...
CVE-2023-41320 Account takeover via SQL Injection in UI layout preferences in GLPI
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to...
PT-2023-6823 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the management of UI layout preferences in GLPI, which can be hijacked to lead to SQL injection. This injection can be used to take over an administrator account. The...
Malicious code in scoot-layout-components (npm)
Source: ghsa-malware a09230af6397fced3ca15612fad365e70e995e8a83c26af0004b8e1fd8000e02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8187 Malicious code in scoot-layout-components (npm)
Source: ghsa-malware a09230af6397fced3ca15612fad365e70e995e8a83c26af0004b8e1fd8000e02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-32184
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...
Information disclosure
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...
CVE-2023-32184
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...
Kibana 8.10.1 Security Update
Kibana Insertion of Sensitive Information into Log File ESA-2023-17 An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is...
CVE-2021-44193
Adobe After Effects versions 22.0 and earlier and 18.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
CVE-2021-43751
Adobe Premiere Pro versions 22.0 and earlier and 15.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...