Vim 缓冲区错误漏洞

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a heap buffer overflow...

CVE-2021-23449

The CVE-2021-23449 entry concerns the Node.js vm2 package (pre-3.9.4). A Prototype Pollution flaw allows an attacker to modify Object.prototype via proto /constructor payloads, which can lead to sandbox escape and execution of arbitrary code on the host. Impact is described as remote code executi...

Command injection

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

Juniper Networks Junos OS 安全漏洞

Juniper Networks Junos OS is a network operating system from Juniper Networks, Inc. for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS is vulnerable to an access control error, which results from a specific...

CVE-2021-40499

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

Libqt 缓冲区错误漏洞

Libqt is an open source software package. A buffer error vulnerability exists in Libqt that originates when rendering and displaying carefully crafted Scalable Vector Graphics SVG files; this flaw could lead to unauthorized memory access. The greatest threat of this vulnerability is data...

Alkacon OpenCms 代码问题漏洞

Alkacon OpenCms is an open source content management system CMS developed in Java.Alkacon OpenCms is vulnerable to an XML external entity vulnerability that can be exploited by attackers to steal files from the server's file system by uploading crafted SVG documents...

SUSE: Security Advisory (SUSE-SU-2021:3289-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Netty Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security, caused by non-proper handling of Content-Length and Transfer-Encoding in the HttpObjectDecoder.java. A remote...

CVE-2021-37330

Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting XSS. The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigge...

CVE-2020-20695

A stored cross-site scripting XSS vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

CVE-2021-40709

Adobe Photoshop versions 21.2.11 and earlier and 22.5 and earlier are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user...

CVE-2021-39823

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2021-31166, a Windows HTTP protocol stack re...

Gila CMS 跨站脚本漏洞

Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS version 1.11.4, which can be exploited by an attacker to execute arbitrary Web script or HTML via specially crafted SVG files...

Cisco IOS XE Software 安全漏洞

Cisco IOS and Cisco IOS XE Software are both products of the U.S. company Cisco IOS is a set of operating systems developed for its network devices.Cisco IOS XE Software is an operating system. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN,...

CVE-2021-39558

An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution...

Stack overflow

An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution...

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain...

Open Redirect in zikula/core

Description Open Redirect on Login with parameter ?returnUrl= Proof of Concept POST /login?returnUrl=https://google.com HTTP/2 Host: demo.ziku.la Cookie: zsid=b6g4qa64983t2tg073uh1e1rjm User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...