148 matches found
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2020:0411-1)
This update for ImageMagick fixes the following issues : Security issue fixed : CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage bsc1159861. CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage bsc1160369. Non-security issue fixed: Fixed an issue where convertin...
CVE-2014-4198
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function...
Authentication flaw
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function...
CVE-2014-4198
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function...
CVE-2014-4198
The vulnerability CVE-2014-4198 affects BS-Client Private Client, versions 2.4 and 2.5. A flaw in the authentication flow allows a two-factor bypass via an XML request that omits ADPswID and AD parameters, enabling a malicious user to access privileged functions. Root cause stated as improper han...
bs-citysued.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1075707 Security Researcher geeknik Helped patch 8722 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting bs-citysued.de website and...
CVE-2014-4196
Cross-site scripting XSS vulnerability in bsi.dll in Bank Soft Systems BSS RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter...
CVE-2014-10398
Multiple cross-site scripting XSS vulnerabilities in bsi.dll in Bank Soft Systems BSS RBS BS-Client. Private Client aka RBS BS-Client. Retail Client 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 DICTIONARY, 2 FILTERIDENT, 3 FROMSCHEME, 4 FromPoint, ...
Cross site scripting
Cross-site scripting XSS vulnerability in bsi.dll in Bank Soft Systems BSS RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter...
CVE-2014-10398
The CVE-2014-10398 entry describes multiple XSS vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client’s bsi.dll (Private Client/ Retail Client, versions 2.5, 2.4 and earlier). The issue allows remote attackers to inject arbitrary script/HTML via parameters DICTIONARY, FILTERIDENT, FROMSCHEME, ...
CVE-2014-4196
Cross-site scripting XSS vulnerability in bsi.dll in Bank Soft Systems BSS RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter...
CVE-2014-4196
The CVE-2014-4196 entry describes an XSS vulnerability in Bank Soft Systems (BSS) RBS BS-Client 3.17.9, exploitable via the colorstyle parameter in bsi.dll. The impact is as described by the NVD entry; no exploit code or in-the-wild details are provided in the connected documents. Remediation det...
GPAC Code Issue Vulnerability
GPAC is an open source multimedia framework. A code issue vulnerability exists in the 'gfodfavccfgwritebs' function in the odf/descriptors.c file in GPAC versions 0.8.0 and 0.9.0-development-20191109. The vulnerability stems from an improperly designed or implemented code development process for ...
CVE-2019-13489
Trape through 2019-05-08 has SQL injection via the data2 variable in core/db.py, as demonstrated by the /bs t parameter...
CVE-2019-13489
Trape through 2019-05-08 has SQL injection via the data2 variable in core/db.py, as demonstrated by the /bs t parameter...
SUSE SLED15 / SLES15 Security Update : Recommended update for evince (SUSE-SU-2019:1648-1)
This update for evince provides the following fixes : Security issue fixed : CVE-2019-11459: Fixed an improper error handling in which could have led to use of unitialized use of memory bsc1133037. Other issue addressed: Removed Supplements from psdocument package, so that it isn't pulled in by...
PT-2023-1156 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac/gpac versions prior to 2.3.0-DEV Description: The issue is related to a Use After Free condition in the gpac/gpac multimedia platform, specifically concerning the gf odf vvc cfg read bs function. This condition involves the use of memory...
PT-2023-15160 · Unknown +1 · Gpac Mp4Box +1
Name of the Vulnerable Software and Affected Versions: GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b Description: The issue is related to a buffer overflow in the gf vvc read pps bs internal function, located in the media tools/av parsers.c file. Recommendations: For GPAC MP4box version...
PT-2023-15455 · Unknown +1 · Gpac Mp4Box +1
Name of the Vulnerable Software and Affected Versions: GPAC MP4box version 2.1-DEV-rev644-g5c4df2a67 Description: The issue is related to a Buffer Overflow in the gf bs read data function. No information is provided about the estimated number of potentially affected devices worldwide or real-worl...
open build service information disclosure vulnerability
The open build service is a general-purpose system for building and distributing packages from source code in an automated, consistent and repeatable manner. A security vulnerability exists in the bsworker code in versions of open build service prior to 20170320. An attacker can exploit the...