Laboratory Management System 安全漏洞

Laboratory Management System is a laboratory management system by oretnom23 individual developer. A security vulnerability exists in Laboratory Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into...

Laboratory Management System 安全漏洞

Laboratory Management System is a laboratory management system by oretnom23 individual developer. A security vulnerability exists in Laboratory Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into...

WordPress Spectra plugin cross-site scripting vulnerability (CNVD-2024-27891)

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

[SECURITY] [DLA 3821-1] libreoffice security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 26, 2024 https://wiki.debian.org/LTS -...

Debian dla-3821 : fonts-opensymbol - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3821 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] https://www.debian.org/lts/security/...

Splunk Config Explorer vulnerable to cross-site scripting

Overview Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

WordPress plugin WP Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Splunk Config Explorer 安全漏洞

Splunk Config Explorer is an editor interface by Chris Younger, a personal developer. A security vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. An attacker can exploit the vulnerability to execute arbitrary scripts on a web browser...

PT-2024-26386 · Tauri · Tauri

Name of the Vulnerable Software and Affected Versions: Tauri versions prior to 1.6.7 Tauri versions prior to 2.0.0-beta.19 Description: The issue allows remote origin iFrames in Tauri applications to access the Tauri IPC endpoints without being explicitly allowed. This bypasses the origin check a...

CVE-2024-30419

A-blog cms contains a stored cross-site scripting (XSS) vulnerability: CVE-2024-30419 affects versions prior to 3.1.12, 3.0.x prior to 3.0.32, 2.11.x prior to 2.11.61, 2.10.x prior to 2.10.53, and 2.9 and earlier. If exploited, a user with contributor or higher privileges who can log in may cause...

SUSE CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

DEBIAN-CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

UBUNTU-CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

LibreOffice < 7.6.7 / 8.0.x < 24.2.3 (cve-2024-3044)

The version of LibreOffice installed on the remote host is prior to 24.2.3 or 7.6.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3044 advisory. - Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a...

SUSE CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...

CVE-2024-3044

A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted...

Debian dsa-5690 : fonts-opensymbol - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5690 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/...

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

DEBIAN-CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...