
19 matches found

CNNVD | added 2026/05/07 12:0 a.m. | 3 views

fast-xml-parser security vulnerability

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser prior to 5.7.0 contained security vulnerabilities. These...

CVSS 6.1 | AI score 6.2 | EPSS 0.00012
Exploits: 1 | References: 1

Snyk | added 2026/02/01 6:27 a.m. | 1 view

Directory Traversal

Overview: argus-overview is a Professional multi-boxing tool for EVE Online Linux & Windows. Affected versions of this package are vulnerable to Directory Traversal via the charactermanager.py file handling logic. An attacker can perform path traversal by supplying character names containing...

CVSS 8.7 | AI score 6.5
Exploits: 0 | References: 3

EUVD | added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-14464

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00738
Exploits: 0 | References: 3

Code423n4 | added 2023/03/20 12:0 a.m. | 4 views

Implementation error in Namespace.fuse() leads to a wrong unicode representation

Lines of code. Vulnerability details. Impact: The font class of a tile will be always considered as 0 emoji when a user registers a name. Proof of Concept: To register a name, fuse is used taking as input the data of the characters. The name to register is a string created by converting the character...

AI score 6.8
Exploits: 0

Code423n4 | added 2023/03/20 12:0 a.m. | 7 views

Namespace fuse ignores font class attribute from tile data

Lines of code. Vulnerability details. Impact: The fuse function present in the Namespace contract mints a new Namespace NFT based on the given character data that references Tray tiles owned by the caller. For each character, the implementation will use the characterToUnicodeBytes function from the...

AI score 6.8
Exploits: 0

Code423n4 | added 2023/03/18 12:0 a.m. | 8 views

Users can fuse an NFT without burning a tray NFT

Lines of code. Vulnerability details. Impact: Users can fuse an NFT without burning a tray NFT. Proof of Concept: The Namespace protocol allows users to fuse a new Namespace NFT with the referenced tiles. Inside the fuse function, the protocol first transfers fusing costs from msg.sender to revenue...

AI score 6.7
Exploits: 0

SUSE CVE | added 2023/02/15 5:34 a.m. | 1 view

SUSE CVE-2013-6438

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request...

CVSS 5 | AI score 8.5 | EPSS 0.39561
Exploits: 2 | References: 10

SUSE CVE | added 2023/02/15 5:30 a.m. | 1 view

SUSE CVE-2014-1741

Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vecto...

CVSS 7.5 | AI score 9.6 | EPSS 0.0188
Exploits: 0 | References: 2

SUSE CVE | added 2023/02/15 3:58 a.m. | 1 view

SUSE CVE-2020-12625

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message...

CVSS 6.1 | AI score 6.2 | EPSS 0.0231
Exploits: 1 | References: 5

OSV | added 2021/06/16 5:34 p.m. | 0 views

GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...

CVSS 9.8 | AI score 7.3 | EPSS 0.00443
Exploits: 0 | References: 4

OSV | added 2020/03/24 10:15 p.m. | 0 views

PYSEC-2020-28

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

CVSS 6.1 | AI score 6.8 | EPSS 0.00419
Exploits: 1 | References: 4

CNVD | added 2017/09/22 12:0 a.m. | 1 view

Bento4 Core/Ap4HdlrAtom.cpp File Heap Buffer Overflow Vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in the AP4_HdlrAtom class of the Core/Ap4HdlrAtom.cpp file in Bento4, which stems from the program using an incorrect character data type. An attacker could exploit this vulnerability to cause a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00534
Exploits: 1 | References: 1

OSV | added 2017/09/21 5:29 p.m. | 11 views

CVE-2017-14639

AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact...

CVSS 8.8 | AI score 7.6
Exploits: 0 | References: 3

OSV | added 2014/05/14 12:0 a.m. | 1 view

UBUNTU-CVE-2014-1741

Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vecto...

CVSS 7.5 | AI score 7.4 | EPSS 0.0188
Exploits: 0 | References: 6

NVD | added 2011/05/16 5:55 p.m. | 16 views

CVE-2011-0615

Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsisten...

CVSS 9.3 | AI score 8 | EPSS 0.07997
Exploits: 2 | References: 3

Prion | added 2011/05/16 5:55 p.m. | 12 views

Buffer overflow

Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsisten...

CVSS 9.3 | AI score 8.6 | EPSS 0.07997
Exploits: 2 | References: 3 | Affected Software: 1

RedHat Linux | added 2009/03/12 2:13 p.m. | 32 views

Moderate: Red Hat Security Advisory: icu security update

Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode...

CVSS 4.3 | AI score 5.7 | EPSS 0.02644
Exploits: 1 | References: 2

seebug.org | added 2005/10/15 12:0 a.m. | 48 views

MuOnline Loopholes Web Server (pkok.asp) SQL Injection Exploit

No description provided by source. !-- Save this code as .htm and replace SITE/SQLCODE to your server address Some SQL Examples: -Changing character data- update character set...

AI score 7.1
Exploits: 0

exploitpack | added 2005/10/15 12:0 a.m. | 28 views

MuOnline Loopholes Web Server - pkok.asp SQL Injection

MuOnline Loopholes Web Server - pkok.asp SQL Injection milw0rm.com 2005-10-15...

AI score 0.2
Exploits: 0