32 matches found
Zulip 跨站脚本漏洞
Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.0-beta1, 7.0-beta2, which stems from a problem with the tooltip of the...
PT-2023-24203 · Unknown · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip Server versions 7.0-beta1 through 7.0-beta2 and the main development branch from May 2, 2023 and later Description: The issue is related to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send...
PT-2023-23002 · H2O · H2O
Name of the Vulnerable Software and Affected Versions: H2O versions 2.3.0-beta2 and prior Description: H2O is an HTTP server. When the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This...
PT-2023-20443 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0.beta2 through 3.1.0.beta3 Description: Discourse is an open-source discussion platform. Editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. Recommendations...
PT-2022-16875 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch Discourse versions 2.9.0.beta3 and prior in the beta branch Discourse versions 2.9.0.beta3 and prior in the tests-passed branch Description: Discourse is an open source discussion...
PT-2022-17044 · Stepmania · Stepmania
Name of the Vulnerable Software and Affected Versions: Stepmania versions 5.1b2 and below Description: The issue allows attackers to access the entire file system through the /rootfs component in RageFile. Recommendations: For Stepmania versions 5.1b2 and below, consider restricting access to the...
PT-2021-7304 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.32 through 9.4.38 Eclipse Jetty versions 10.0.0.beta2 through 10.0.1 Eclipse Jetty versions 11.0.0.beta2 through 11.0.1 Description: The issue is related to the webapps directory in Eclipse Jetty being a symlink,...
Bash Input Validation Error Vulnerability
Bash is a shell command language interpreter written for the GNU Project and running on Unix-like operating systems by American software developer Brian J. Fox. It can read and execute commands from standard input devices or files. A security vulnerability exists in versions prior to Bash...
CVE-2017-8802
Cross-site scripting XSS vulnerability in Zimbra Collaboration Suite aka ZCS before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality...
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
Zimbra Collaboration Suite ZCS is an open source collaboration suite from the US company Zimbra, which includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in versions of ZCS prior to 8.8.0 Beta2. A remote attacker can exploit this vulnerability to inject...
CVE-2009-5090
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors...
VulnCheck KEV: CVE-2006-1359
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer...