28 matches found
PT-2025-22123 · WordPress · Order Delivery Date
Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.4.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it...
Drupal Open Social module < 12.3.11,12.4.0-12.4.9 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Robert Ragas (robertragas) in WordPress Module Open Social versions 12.3.11, 12.4.0-12.4.9...
CVE-2024-13312
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Open Social versions 12.3.8 prior to 12.4.0 through 12.4.5, which stems from improper control of interaction frequency...
CVE-2023-26415
Adobe Substance 3D Designer version 12.4.0 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-26413
Adobe Substance 3D Designer version 12.4.0 and earlier is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-26411
Adobe Substance 3D Designer version 12.4.0 and earlier is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...
CVE-2023-26398
Adobe Substance 3D Designer version 12.4.0 and earlier is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...
Heap overflow
Adobe Substance 3D Designer version 12.4.0 and earlier is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Adobe Substance 3D Designer buffer error vulnerability
Adobe Substance 3D Designer is a 3D design software from Adobe. A security vulnerability exists in Adobe Substance 3D Designer version 12.4.0 and prior versions, which stems from a buffer overflow vulnerability that could lead to the execution of arbitrary code in the context of the current user...
CVE-2023-26415 ZDI-CAN-20317: Adobe Substance 3D Designer DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Adobe Substance 3D Designer version 12.4.0 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-26398
Adobe Substance 3D Designer vulnerability CVE-2023-26398 arises from an out-of-bounds read when parsing a crafted USDC/related file, allowing code execution in the context of the current user. The issue affects Substance 3D Designer version 12.4.0 and earlier and requires user interaction (victim...
Adobe Substance 3D Designer buffer error vulnerability
Adobe Substance 3D Designer is a 3D design software from Adobe. A security vulnerability exists in Adobe Substance 3D Designer version 12.4.0 and prior versions, which stems from a buffer overflow vulnerability that could lead to the execution of arbitrary code in the context of the current user...
Adobe Substance 3D Designer resource management error vulnerability
Adobe Substance 3D Designer is a 3D design software from Adobe. A resource management error vulnerability exists in Adobe Substance 3D Designer version 12.4.0 and prior versions, which stems from a post-release reuse vulnerability that could lead to the execution of arbitrary code in the current...
Adobe Substance 3D Designer buffer error vulnerability
Adobe Substance 3D Designer is a 3D design software from Adobe. A security vulnerability exists in Adobe Substance 3D Designer version 12.4.0 and prior versions, which stems from a buffer overflow vulnerability that could lead to the execution of arbitrary code in the context of the current user...
PT-2023-6364 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Designer version 12.4.0 and earlier Description: The issue is related to an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attack...
PT-2023-2280 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Designer versions 12.4.0 and earlier Description: The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...
GitLab File Read Remote Code Execution
This module provides remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It combines an arbitrary file read to extract the Rails "secret_key_base", and gains remote code execution with a deserialization vulnerability of a signed 'experimentation_subject_id' cookie tha...
CVE-2019-2728
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
Code injection
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...