13 matches found
amf Buffer Error Vulnerability
AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from unknown parts of the NGSetupRequest Handler component, potentially leading to memory corruption...
Backstage Log Information Disclosure Vulnerability
Backstage is an open-source application, an open platform for building developer portals. A log information disclosure vulnerability exists in versions prior to Backstage 2.1.1, which stems from duplicate logging of input values, resulting in some secrets not being redacted...
PT-2024-35032 · Unknown · What Would Seth Godin Do
Name of the Vulnerable Software and Affected Versions: What Would Seth Godin Do versions prior to 2.1.1. Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious...
PT-2024-31543
Name of the Vulnerable Software and Affected Versions: PHPSpreadsheet versions prior to 1.29.2; PHPSpreadsheet versions prior to 2.1.1; PHPSpreadsheet versions prior to 2.3.0. Description: It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XL...
PT-2024-11746 · Siklu · Siklu Tg Terragraph
Name of the Vulnerable Software and Affected Versions: Siklu TG Terragraph devices versions prior to 2.1.1. Description: The issue is related to a hardcoded root password in Siklu TG Terragraph devices, which was revealed through a brute force attack on an MD5 hash. This password can be used for...
Cookiecutter Operating System Command Injection Vulnerability
Cookiecutter is a cross-platform command-line utility that creates projects from cookiecutters (project templates), such as Python package projects and C projects. Cookiecutter versions prior to 2.1.1 suffer from an operating system command injection vulnerability that stems from easy command...
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog, i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS...
CVE-2020-8807
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel...
FreeRDP Buffer Overflow Vulnerability (CNVD-2020-31410)
FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. A buffer overflow vulnerability exists in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c in versions of FreeRDP prior to 2.1.1. The vulnerability stems from a networked...
Unspecified Vulnerability in Json Pattern Validator
Json Pattern Validator (JPV) is a JSON pattern validator. A security vulnerability exists in JPV versions prior to 2.1.1. Attackers can exploit the vulnerability to manipulate the results of type detection with a specially crafted payload...
dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...
UBUNTU-CVE-2018-1000632
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...
WordPress Splashing Images Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server that supports PHP and MySQL. Splashing Images (wp-splashing-images) is one of its image selection plugins. A cross-site scripting...