8227 matches found

CNNVD
added 2022/03/03 12:0 a.m. · 3 views

PeTeReport Cross-Site Scripting Vulnerability

PeTeReport is an open source application vulnerability reporting tool. PeTeReport has a cross-site scripting vulnerability that stems from the software's lack of filtering and escaping of user data, which could be exploited by an attacker to inject persistent JavaScript code through an...

5.4 CVSS · 5.3 AI score · 0.00516 EPSS
Exploits 1 · References 3

Packet Storm
added 2022/02/25 12:0 a.m. · 300 views

Dahua ToolBox 1.010.0000000.0 DLL Hijacking

Hi all, I have actually contacted Dahua PSIRT team and they confirmed the vulnerability exists few days ago but then since this product is not in that scope on requesting CVE and therefore I am going to disclose the details here: Vulnerable Software and Version: ToolBox-V1.010.0000000.0 versions...

0.2 AI score
Exploits 0

Prion
added 2022/02/24 3:15 p.m. · 20 views

Design/Logic Flaw

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname...

9.3 CVSS · 9.3 AI score · 0.02058 EPSS
Exploits 0 · References 6 · Affected Software 1

IBM Security Bulletins
added 2022/02/22 7:59 p.m. · 14 views

Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. There is a remote code execution vulnerability in the JSF Sun Reference Implementation 1.2 used by WebSphere Application Server. The JSF Sun Reference Implementati...

1.2 AI score
Exploits 0 · Affected Software 1

Huntr
added 2022/02/19 1:6 p.m. · 30 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &10 Line Feed character in the href attribute of tag to bypass th...

3.5 CVSS · 1 AI score · 0.01343 EPSS
Exploits 1

CNVD
added 2022/02/18 12:0 a.m. · 38 views

Adobe Creative Cloud Desktop Uncontrolled Search Path Element Vulnerability

Adobe Creative Cloud Desktop Application is a suite of applications from Adobe for managing applications and services in the Creative Cloud Member Management Center. The application supports synchronizing and sharing files, managing fonts, and accessing a library of assets for commercial...

7 CVSS · 1.4 AI score · 0.02165 EPSS
Exploits 0 · References 1

Huntr
added 2022/02/17 12:48 p.m. · 25 views

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/

Description The Introduction of a New Line Character lets the attacker the stack trace at demo.microweber.org/ This Attack becomes more significant because of its Less complication. The Stack trace discloses following information : 1. Backend Response code. 2. The Versions of Backend Laravel...

5 CVSS · 0.7 AI score · 0.44259 EPSS
Exploits 1

Code423n4
added 2022/02/17 12:0 a.m. · 6 views

[WP-H0] DEFAULT_ADMIN_ROLE of BribeVault can steal tokens from users' wallets

Lines of code Vulnerability details The current design/implementation allows the DEFAULT_ADMIN_ROLE of BribeVault to steal funds from any address that approved this contract up to allowance: As a DEFAULT_ADMIN_ROLE, the attack is simply do the following steps: 1. grantDepositorRole to self; 2...

6.7 AI score
Exploits 0

NVD
added 2022/02/16 5:15 p.m. · 22 views

CVE-2022-23202

Adobe Creative Cloud Desktop version 2.7.0.13 and earlier is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a...

7 CVSS · 0.02165 EPSS
Exploits 0 · References 1

Prion
added 2022/02/16 5:15 p.m. · 19 views

Path traversal

Adobe Creative Cloud Desktop version 2.7.0.13 and earlier is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a...

5.1 CVSS · 6.9 AI score · 0.02165 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/02/16 12:0 a.m. · 4 views

Pjsua Api Buffer Error Vulnerability

Pjsua Api is an advanced Api for building Sip multimedia user agent applications, and a buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

9.8 CVSS · 6 AI score · 0.02339 EPSS
Exploits 0 · References 12

ATTACKERKB
added 2022/02/15 4:15 p.m. · 6 views

CVE-2022-24588

Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function...

5.4 CVSS · 5.9 AI score · 0.00696 EPSS
Exploits 1 · References 3

Github Security Blog
added 2022/02/15 12:2 a.m. · 20 views

Buffer Overflow in galois_2p8

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector...

9.8 CVSS · 4.1 AI score · 0.01052 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/02/15 12:2 a.m. · 12 views

GHSA-9P8Q-J6Q5-MJW8 Buffer Overflow in galois_2p8

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector...

9.8 CVSS · 9.8 AI score · 0.01052 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/02/15 12:0 a.m. · 5 views

PT-2022-16740 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.2.1 Description: A cross-site scripting (XSS) issue was found in the Upload SVG File function. This could potentially allow attackers to inject malicious scripts into websites. Recommendations: For Flatpress version 1.2.1,...

5.4 CVSS · 5.2 AI score · 0.00696 EPSS
Exploits 1 · References 5

CNNVD
added 2022/02/15 12:0 a.m. · 3 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog builder with no database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress v1.2.1, which stems from the discovery of a cross-site scripting (XSS) vulnerability in the Upload SVG File function...

5.4 CVSS · 5.4 AI score · 0.00696 EPSS
Exploits 1 · References 2

CNVD
added 2022/02/15 12:0 a.m. · 31 views

Adobe Illustrator null pointer dereference vulnerability (CNVD-2022-15929)

Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has a security vulnerability that could be exploited by attackers to launch an application denial of service in the context of the current user...

5.5 CVSS · 4.6 AI score · 0.01714 EPSS
Exploits 0 · References 1

NVD
added 2022/02/14 8:15 p.m. · 16 views

CVE-2022-24988

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector...

9.8 CVSS · 0.01052 EPSS
Exploits 0 · References 1

Prion
added 2022/02/14 8:15 p.m. · 11 views

Buffer overflow

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector...

7.5 CVSS · 9.7 AI score · 0.01052 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2022/02/14 12:0 a.m. · 30 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-15937)

Adobe Illustrator is a vector-based image creation software from Adobe, Inc. A security vulnerability exists in Adobe Illustrator, which stems from the product's failure to add effective data protection measures. A remote attacker could use the vulnerability to access sensitive information...

5.5 CVSS · 2.8 AI score · 0.01876 EPSS
Exploits 0 · References 1