CVE-2024-38658

CVE-2024-38658 describes an out-of-bounds read in Fuji Electric V-Server and V-Server Lite (versions 4.0.19.0 and earlier). Opening a specially crafted file may disclose information and/or allow arbitrary code execution. Affected components include the remote monitoring software and its graphic e...

CVE-2024-47158

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...

CVE-2024-29734

Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

CVE-2023-47584

Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed...

CVE-2020-24164

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...

CVE-2020-13095

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root...

Starbucks: Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters

HI, Summary: Reflected XSS Description: the parameters are complementary to each other Platforms Affected: my browser firefox 52.7.3 Steps To Reproduce: 1. go to https://www.starbucks.com/account/create/redeem/MCP131XSR?xtlcouponcode=1&xtlcouponcode=81431&xtlamount=0.0&xtlamounttype=DOLLARVALUE 1...

PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/17688/info phpWebFTP is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input using the HTTP 'POST' method when submitting a...

Scoop 1.1 RC1 Missing Story Error XSS

No description provided by source. source: http://www.securityfocus.com/bid/16014/info Scoop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

SiteBeater News 4.0 Archive.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15697/info SiteBeater News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...

singapore 0.9.x/0.10 Multiple Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/18518/info singapore gallery is prone to directory-traversal and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...

MVNForum 1.0 Search Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13213/info mvnForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...

Pyrox Search 1.0.5 Newsearch.PHP Whatdoreplace Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14343/info A cross-site scripting vulnerability affects Pyrox Search. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. ...

Asn Guestbook 1.5 - header.php version Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14356/info Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issu...

Utopia News Pro 1.1.3 footer.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...

Complete PHP Counter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15112/info Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

CartWIZ 1.10 Access.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13338/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...

ASPNuke 0.80 register.asp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14062/info ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...

Code::Blocks - Denial of Service

Code::Blocks - Denial of Service source: https://www.securityfocus.com/bid/60208/info Code::Blocks is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Due to the nature of this issue,...

Cross-site Request Forgery (CSRF) Vulnerabilities in BlogBird

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BlogBird which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in BlogBird 1.1 The vulnerability exists due to insufficient validation of the request origin in...