CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

PT-2024-37998 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.8 Description: A Denial of Service DOS attack can be performed when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously...

CVE-2023-51072

A stored cross-site scripting XSS vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated us...

PT-2024-14050 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions up to and including 2024R1 Description: A stored cross-site scripting XSS vulnerability in the NOC component allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality...

VK.com: CSRF на загрузку аудиозаписей

Недостаточные проверки хеша при загрузке аудиозаписей...