195 matches found
Cross site scripting
A cross-site scripting XSS vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later...
CVE-2023-47219 QuMagie
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later...
CVE-2023-34977 Video Station
A cross-site scripting XSS vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 2023/07/27 and later...
Stack-based Overflow
exim is vulnerable to Stack-based Overflow. The vulnerability arises from the absence of proper validation of user-supplied data length before copying it into a fixed-length stack-based buffer during the handling of NTLM challenge requests in the SMTP challenge component. This allows an attacker ...
Out-of-Bounds Write
libopenbabel.so is vulnerable to Out-of-Bounds Write. The vulnerability exists in the CSR format in the WriteMolecule function of CSRformat.cpp, which allows an attacker to inject and execute malicious code, by providing a maliciously crafted file...
Out-of-Bounds Write
libopenbabel.so is vulnerable to Out-of-Bounds Write. The vulnerability exists in the Gaussian file format in the ReadMolecule function of mopacformat.cpp, which allows an attacker to inject and execute malicious code, causing an application to crash by providing a maliciously crafted file...
Trend Micro Apex Central 跨站脚本漏洞
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser...
Remote Code Execution (RCE)
codeigniter4/framework is vulnerable to Remote Code Execution RCE. The vulnerability exists because the Validation.php does not properly validate the validation placeholders, which allows an attacker to inject and execute malicious code...
Remote Code Execution (RCE)
powerjob is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the library's lack of user input validation, which allows an attacker to inject and execute malicious code...
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage NAS devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects...
Arbitrary Code Execution
powerlinegitstatus is vulnerable to arbitrary code execution. The vulnerability is due to the getbasecommand function in segments.py with git repositories containing per-repository configurations that are being displayed when changing the directories which allows an attacker to inject and execute...
Denial Of Service (DoS)
firefox is vulnerable to remote code execution. The vulnerability exists due to a memory corruption allowing an attacker to inject maliciously crafted code into the system...
Remote Code Execution (RCE)
formidable is vulnerable to remote code execution. The vulnerability exists due to the lack validation in the upload file, allowing an attacker to inject and execute malicious code via crafted filename...
CVE-2022-24881
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
Remote Code Execution (RCE)
jenkins-2-plugins is vulnerable to remote code execution. The vulnerability exists due to a sandbox bypass allowing an attacker to inject maliciously crafted code into the system...
Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC On a page where the Total Booking widget is displayed, append the following payload: "...
CVE-2022-25612 WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...
CVE-2022-24915 ICSA-22-062-01 IPCOMM ipDIO
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. Th...
CVE-2022-22985 ICSA-22-062-01 IPCOMM ipDIO
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific...