
22 matches found

Github Security Blog
added 2026/03/11 12:20 a.m. | 7 views

Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter

Impact: A vulnerability in Parse Server's query handling allows an authenticated or unauthenticated attacker to exfiltrate session tokens of other users by exploiting the redirectClassNameForKey query parameter. Exfiltrated session tokens can be used to take over user accounts. The vulnerability...

CVSS 9.9 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/03/11 12:20 a.m. | 1 view

GHSA-6R2J-CXGF-495F Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter

Impact: A vulnerability in Parse Server's query handling allows an authenticated or unauthenticated attacker to exfiltrate session tokens of other users by exploiting the redirectClassNameForKey query parameter. Exfiltrated session tokens can be used to take over user accounts. The vulnerability...

CVSS 9.9 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-11816

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00367
Exploits: 0 | References: 3
Tenable Nessus
added 2025/09/10 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-14543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists one NULL pointer dereference vulnerability in AP4JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a...

CVSS 5.5 | AI score 5.6 | EPSS 0.0018
Exploits: 0 | References: 2
CNNVD
added 2025/01/14 12:00 a.m. | 1 view

Mysiteforme Security Vulnerability

Mysiteforme is a permission management system for wangl1989 individual developers. A security vulnerability exists in Mysiteforme versions prior to 2025.01.01, which stems from the inclusion of a fastjson deserialization vulnerability discovered via the component system/table/addField...

CVSS 9.1 | AI score 6.8 | EPSS 0.00258
Exploits: 1 | References: 1
OSV
added 2019/10/12 8:15 p.m. | 2 views

UBUNTU-CVE-2019-17530

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4Atom::Inspect in Core/Ap4Atom.cpp...

CVSS 7.8 | AI score 7.3 | EPSS 0.00165
Exploits: 1 | References: 4
CNVD
added 2018/08/01 12:00 a.m. | 2 views

Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-14463)

Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. It is free to use and runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...

CVSS 8.8 | AI score 8.9 | EPSS 0.00283
Exploits: 0 | References: 1
OSV
added 2018/07/31 8:29 p.m. | 0 views

CVE-2018-14242

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.2 | EPSS 0.00283
Exploits: 0 | References: 2
OSV
added 2018/07/23 8:29 a.m. | 9 views

CVE-2018-14543

There exists one NULL pointer dereference vulnerability in AP4JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump...

CVSS 5.5 | AI score 6.6
Exploits: 0 | References: 1
Prion
added 2018/07/23 8:29 a.m. | 9 views

Null pointer dereference

There exists one NULL pointer dereference vulnerability in AP4JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump...

CVSS 4.3 | AI score 5.2 | EPSS 0.0018
Exploits: 0 | References: 1 | Affected Software: 1
UbuntuCve
added 2018/07/23 8:29 a.m. | 10 views

CVE-2018-14543

There exists one NULL pointer dereference vulnerability in AP4JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump...

CVSS 5.5 | AI score 6.1 | EPSS 0.0018
Exploits: 0 | References: 2
Cvelist
added 2018/07/23 8:00 a.m. | 10 views

CVE-2018-14543

There exists one NULL pointer dereference vulnerability in AP4JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump...

AI score 5.3 | EPSS 0.0018
Exploits: 0 | References: 1
Zero Day Initiative
added 2018/07/19 12:00 a.m. | 18 views

Foxit Reader addField Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method...

CVSS 6.8 | AI score 2.6 | EPSS 0.00283
Exploits: 0 | References: 1
OSV
added 2018/05/17 3:29 p.m. | 0 views

CVE-2018-9935

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.1 | EPSS 0.00529
Exploits: 0 | References: 2
OSV
added 2018/05/17 3:29 p.m. | 0 views

CVE-2018-1178

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.1
Exploits: 0 | References: 2
Prion
added 2018/05/17 3:29 p.m. | 14 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 8.8 | EPSS 0.00529
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2018/05/17 3:00 p.m. | 16 views

CVE-2018-9935

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

AI score 8.8 | EPSS 0.00529
Exploits: 0 | References: 2
CVE
added 2018/05/17 3:00 p.m. | 47 views

CVE-2018-9935

Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the addField method. The root cause is failing to validate the existence of an object before operating on it, leading to potential code execution under the current process context. Public sources (ZDI-18-319) describ...

CVSS 8.8 | AI score 8.8 | EPSS 0.00529
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2018/04/28 12:00 a.m. | 1 view

Foxit Reader addField Remote Code Execution Vulnerability (CNVD-2018-09956)

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the addField method, which can be exploited to execute arbitrary code in the context of the current process due to a lack of validation before performing an operation on ...

CVSS 8.8 | AI score 7.7 | EPSS 0.00367
Exploits: 0 | References: 1
CNVD
added 2018/04/28 12:00 a.m. | 1 view

Foxit Reader addField Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the addField method, which can be exploited to execute arbitrary code in the context of the current process due to a lack of validation before performing an operation on an object...

CVSS 8.8 | AI score 7.8 | EPSS 0.00529
Exploits: 0 | References: 1