CVE-2025-63950
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize function without validation...
CVE-2025-56706
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrtgetConfig function...
PT-2025-37920
Name of the Vulnerable Software and Affected Versions: Edimax BR-6473AX version 1.0.28 Description: The Edimax BR-6473AX version 1.0.28 contains a remote code execution (RCE) issue through the Object parameter within the openwrt getConfig function. Recommendations: At the moment, there is no...
PT-2024-38905 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.5 Description: The issue is related to Reflected Cross-Site Scripting via several parameters from timeline obj due to insufficient input sanitization and output...
PT-2023-20856 · Xpdf · Xpdf
Name of the Vulnerable Software and Affected Versions: XPDF version 4.04 Description: An issue in XPDF allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter. Recommendations: For XPDF version 4.04, consider avoiding the use of the object.cc parameter...
CVE-2017-14983
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/adminconf/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/adminconf/index.php...
CVE-2017-6561
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=XSS attack...
Adobe Flash TextField.setFormat - Use-After-Free
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=586 The TextField setFormat method contains a use-after-free. If an integer parameter has valueOf defined, or the object parameter overrides a constructor, this method ca...
Out-of-bounds
The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...
CVE-2015-2092
The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...
(0Day) Agilent Technologies Feature Extraction ActiveX Control Index Out-Of-Bounds Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Agilent Technologies Feature Extraction. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow
No description provided by source. $Id: junipersslvpnivesetupdll.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...