123 matches found
GStreamer 代码问题漏洞
GStreamer is an open source set of frameworks for processing streaming media from GStreamer. A code issue vulnerability exists in GStreamer that stems from a null pointer dereference vulnerability found in the gstmatroskademuxupdatetracks function in matroska-demux.c. The vulnerability is caused ...
The vulnerabilities of the functions cgi_create_playlist() and cgi_get_tracks_list() (/cgi-bin/MyMusic.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allow a malicious individual to execute arbitrary commands.
The vulnerabilities of the functions cgicreateplaylist and cgigettrackslist /cgi-bin/MyMusic.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343...
CVE-2024-8339
A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection...
CVE-2024-8339
A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection...
PT-2024-38954 · Sourcecodester · Sourcecodester Electric Billing Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Electric Billing Management System version 1.0 Description: A critical issue affects some unknown functionality of the file "/?page=tracks" of the component Connection Code Handler. The manipulation of the code argument leads t...
SourceCodester Electric Billing Management System SQL注入漏洞
SourceCodester Electric Billing Management System is a SourceCodester open source electric billing management system. A SQL injection vulnerability exists in SourceCodester Electric Billing Management System version 1.0, which originates from an SQL injection vulnerability in the code parameter o...
CVE-2024-41805
Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...
CVE-2024-41805 Tracks vulnerable to reflected cross-site scripting
Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...
CVE-2024-41805 Tracks vulnerable to reflected cross-site scripting
Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...
CVE-2024-41805
Tracks (Getting Things Done web app) is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. The vulnerability occurs when a user clicks a malicious link, enabling execution of JavaScript in the browser and potential credential theft via phishing. Tracks 2.7.1 patches the issu...
CVE-2024-41805 Tracks vulnerable to reflected cross-site scripting
Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...
Tracks 安全漏洞
Tracks is an open source GTD-compatible web application built with Ruby on Rails by TracksApp. A security vulnerability exists in Tracks versions prior to 2.7.1. An attacker exploited the vulnerability to execute malicious JavaScript in a user's browser environment, which could lead to a credenti...
PT-2024-29572 · Tracks · Tracks
Name of the Vulnerable Software and Affected Versions: Tracks versions prior to 2.7.1 Description: The issue allows for reflected cross-site scripting, which enables the execution of malicious JavaScript in the context of a user's browser if that user clicks on a malicious link. This can lead to...
pyload Log Injection vulnerability
Summary A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the...
CVE-2024-21645
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...
Use After Free
libgpac.so is vulnerable for Use After Free. The vulnerability is due to a lack of memory location validation in ctx-reftkw within the ctx-tracks array in the mp4muxconfigurepid function of src/filters/muxisom.c...
SUSE CVE-2012-3436
OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one...
SUSE CVE-2014-0142
QEMU, possibly before 2.0.0, allows local users to cause a denial of service divide-by-zero error and crash via a zero value in the 1 tracks field to the seektosector function in block/parallels.c or 2 extentsize field in the bochs function in block/bochs.c...
CVE-2022-32549
A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...
CVE-2022-32549 log injection in Sling logging
Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...