16 matches found

NVD
added 2026/02/05 5:16 p.m. · 2 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

CVSS 5.4 · EPSS 0.00014
Exploits: 0 · References: 2
Positive Technologies
added 2026/02/05 12:0 a.m. · 2 views

PT-2026-6592

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.57. Description: The software contains a stored Cross-Site Scripting (XSS) issue in how it handles the timeFormat account preference parameter. An attacker can leverage this by injecting a malicious...

CVSS 5.4 · AI score 5.6 · EPSS 0.00014
Exploits: 0 · References: 5
EUVD
added 2026/02/05 12:0 a.m. · 2 views

EUVD-2025-206860

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

AI score 5.4 · EPSS 0.00014
Exploits: 0 · References: 2
CVE
added 2026/02/05 12:0 a.m. · 5 views

CVE-2025-68643

Axigen Mail Server prior to 10.5.57 is affected by a stored XSS in the timeFormat account preference. The vulnerability allows an attacker to inject a malicious JavaScript payload into timeFormat, which is later loaded from storage and inserted into the DOM when the WebMail interface is accessed,...

CVSS 5.4 · AI score 5.4 · EPSS 0.00014
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/10/31 12:0 a.m. · 1 views

PT-2024-41503 · 'Ред Софт' · Ред База Данных

A vulnerability in the readConfig function of the TraceConfiguration.cpp module of the «Ред База Данных» database management system is caused by improper handling of the time format parameter. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service...

CVSS 4.9 · AI score 7.2
Exploits: 0 · References: 2
0day.today
added 2024/03/04 12:0 a.m. · 346 views

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) Vulnerability

Exploit Title: Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) | Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. | Vendor Homepage: https://www.maximawatches.com | Product Link: https://www.maximawatches.com/products/max-pro-power | Firmware Version: v1.0 486A Tested...

CVSS 4.3 · AI score 4.7 · EPSS 0.00066
Exploits: 4
Exploit DB
added 2024/03/03 12:0 a.m. · 318 views

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Exploit Title: Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) | Date: 13-Nov-2023 | Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. | Vendor Homepage: https://www.maximawatches.com | Product Link: https://www.maximawatches.com/products/max-pro-power | Firmware...

CVSS 4.3 · AI score 4.7 · EPSS 0.00066
Exploits: 4
SUSE CVE
added 2023/02/15 5:12 a.m. · 1 views

SUSE CVE-2015-8213

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY...

CVSS 5 · AI score 7.5 · EPSS 0.03006
Exploits: 0 · References: 6
Kitploit
added 2021/04/27 12:30 p.m. · 45 views

Ldsview - Offline search tool for LDAP directory dumps in LDIF format

Offline search tool for LDAP directory dumps in LDIF format. Features: fast and memory efficient parsing of LDIF files; build ldapsearch commands to extract an LDIF from a directory; show directory structure; UAC and directory time format translation. Config: Config options can be passed as CLI flags,...

AI score 7.2
Exploits: 0 · References: 4
Microsoft KB
added 2020/08/11 7:0 a.m. · 52 views

Description of the security update for SharePoint Server 2019: August 11, 2020

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

CVSS 8.8 · AI score 6.6 · EPSS 0.27295
Exploits: 0
OSV
added 2017/11/30 2:29 a.m. · 0 views

CVE-2017-14198

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag...

CVSS 8.8 · AI score 5.9
Exploits: 0 · References: 1
Prion
added 2017/11/30 2:29 a.m. · 7 views

Remote code execution

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag...

CVSS 6.5 · AI score 8.7 · EPSS 0.01487
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2017/11/30 2:0 a.m. · 45 views

CVE-2017-14198

Summary: CVE-2017-14198 affects Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. The connected CNVD/NVD entries corroborate the affected versions an...

CVSS 8.8 · AI score 8.7 · EPSS 0.01487
Exploits: 0 · References: 1 · Affected Software: 1
PyPA
added 2015/12/07 8:59 p.m. · 4 views

PYSEC-2015-11

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY...

CVSS 5 · AI score 6.8 · EPSS 0.03006
Exploits: 0 · References: 14 · Affected Software: 1
OSV
added 2015/12/07 8:59 p.m. · 4 views

PYSEC-2015-11

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY...

CVSS 5 · AI score 7.1 · EPSS 0.03006
Exploits: 0 · References: 14
UbuntuCve
added 2015/11/24 5:0 p.m. · 19 views

CVE-2015-8213

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY...

CVSS 5 · AI score 7.1 · EPSS 0.03006
Exploits: 0 · References: 3