Lucene search
K

123 matches found

CNNVD
CNNVD
added 2024/12/11 12:0 a.m.1 views

GStreamer 代码问题漏洞

GStreamer is an open source set of frameworks for processing streaming media from GStreamer. A code issue vulnerability exists in GStreamer that stems from a null pointer dereference vulnerability found in the gstmatroskademuxupdatetracks function in matroska-demux.c. The vulnerability is caused ...

7.5CVSS6.1AI score0.00865EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/09/30 12:0 a.m.8 views

The vulnerabilities of the functions cgi_create_playlist() and cgi_get_tracks_list() (/cgi-bin/MyMusic.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allow a malicious individual to execute arbitrary commands.

The vulnerabilities of the functions cgicreateplaylist and cgigettrackslist /cgi-bin/MyMusic.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343...

9CVSS7.3AI score0.19464EPSS
Exploits1References7
OSV
OSV
added 2024/08/30 3:15 p.m.3 views

CVE-2024-8339

A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection...

9.8CVSS5.8AI score0.0062EPSS
Exploits1References5
NVD
NVD
added 2024/08/30 3:15 p.m.36 views

CVE-2024-8339

A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection...

9.8CVSS0.0062EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/08/30 12:0 a.m.4 views

PT-2024-38954 · Sourcecodester · Sourcecodester Electric Billing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Electric Billing Management System version 1.0 Description: A critical issue affects some unknown functionality of the file "/?page=tracks" of the component Connection Code Handler. The manipulation of the code argument leads t...

9.8CVSS8.2AI score0.0062EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/08/30 12:0 a.m.4 views

SourceCodester Electric Billing Management System SQL注入漏洞

SourceCodester Electric Billing Management System is a SourceCodester open source electric billing management system. A SQL injection vulnerability exists in SourceCodester Electric Billing Management System version 1.0, which originates from an SQL injection vulnerability in the code parameter o...

9.8CVSS7.1AI score0.0062EPSS
Exploits1References7
NVD
NVD
added 2024/07/26 3:15 p.m.11 views

CVE-2024-41805

Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...

6.1CVSS0.00404EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/26 2:51 p.m.10 views

CVE-2024-41805 Tracks vulnerable to reflected cross-site scripting

Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...

6.1CVSS6.2AI score0.00404EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/26 2:51 p.m.17 views

CVE-2024-41805 Tracks vulnerable to reflected cross-site scripting

Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...

6.1CVSS0.00404EPSS
Exploits0References4
CVE
CVE
added 2024/07/26 2:51 p.m.44 views

CVE-2024-41805

Tracks (Getting Things Done web app) is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. The vulnerability occurs when a user clicks a malicious link, enabling execution of JavaScript in the browser and potential credential theft via phishing. Tracks 2.7.1 patches the issu...

6.1CVSS6AI score0.00404EPSS
Exploits0References4
OSV
OSV
added 2024/07/26 2:51 p.m.10 views

CVE-2024-41805 Tracks vulnerable to reflected cross-site scripting

Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...

6.1CVSS6.2AI score0.00404EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.8 views

Tracks 安全漏洞

Tracks is an open source GTD-compatible web application built with Ruby on Rails by TracksApp. A security vulnerability exists in Tracks versions prior to 2.7.1. An attacker exploited the vulnerability to execute malicious JavaScript in a user's browser environment, which could lead to a credenti...

6.1CVSS6.7AI score0.00404EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.6 views

PT-2024-29572 · Tracks · Tracks

Name of the Vulnerable Software and Affected Versions: Tracks versions prior to 2.7.1 Description: The issue allows for reflected cross-site scripting, which enables the execution of malicious JavaScript in the context of a user's browser if that user clicks on a malicious link. This can lead to...

6.1CVSS7AI score0.00404EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/01/08 3:29 p.m.23 views

pyload Log Injection vulnerability

Summary A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the...

5.3CVSS7.4AI score0.24513EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/01/08 2:15 p.m.69 views

CVE-2024-21645

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...

5.3CVSS5.4AI score0.24513EPSS
Exploits1References2
Veracode
Veracode
added 2023/09/07 10:50 a.m.27 views

Use After Free

libgpac.so is vulnerable for Use After Free. The vulnerability is due to a lack of memory location validation in ctx-reftkw within the ctx-tracks array in the mp4muxconfigurepid function of src/filters/muxisom.c...

5.5CVSS6.8AI score0.00267EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.3 views

SUSE CVE-2012-3436

OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one...

5CVSS6.8AI score0.03384EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.2 views

SUSE CVE-2014-0142

QEMU, possibly before 2.0.0, allows local users to cause a denial of service divide-by-zero error and crash via a zero value in the 1 tracks field to the seektosector function in block/parallels.c or 2 extentsize field in the bochs function in block/bochs.c...

5.5CVSS6.6AI score0.00382EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/06/30 5:56 p.m.58 views

CVE-2022-32549

A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...

5.3CVSS3.9AI score0.0222EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/06/22 2:25 p.m.17 views

CVE-2022-32549 log injection in Sling logging

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.8AI score0.0222EPSS
Exploits0References1
Rows per page
Query Builder