5 matches found
EUVD-2022-3625
Malicious code in bioql PyPI...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
CVE-2014-9059
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting XSS attacks via UTF-7 characters during interaction with AJAX scripts...
Cross site scripting
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting XSS attacks via UTF-7 characters during interaction with AJAX scripts...
CVE-2014-9059
CVE-2014-9059 affects Moodle builds up to 2.7.3 (and older 2.4.x–2.6.x ranges shown in sources). The vulnerability is that lib/setup.php does not emit charset information in HTTP headers, which could allow remote attackers to perform cross-site scripting (XSS) using UTF-7 characters during intera...