31 matches found

Vulnrichment
added 2023/06/30 12:0 a.m. · 10 views

CVE-2023-33336

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes...

AI score: 6.2 · EPSS: 0.00045
Exploits: 0 · References: 1
Cvelist
added 2023/06/30 12:0 a.m. · 14 views

CVE-2023-33336

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes...

AI score: 5.3 · EPSS: 0.00045
Exploits: 0 · References: 1
Microsoft KB
added 2020/04/10 12:0 a.m. · 2 views

Update for RichTextBox controls and ALT codes in Windows 8.1

Update for RichTextBox controls and ALT codes in Windows 8.1 Summary This update fixes the following issues: You have a RichTextBox control in a Windows-based application in Windows 8.1. When you try to check the spelling within the control, the application crashes in the Msftedit.dll file. When...

AI score: 6.5
Exploits: 0
Tenable Nessus
added 2019/04/29 12:0 a.m. · 24 views

FreeBSD : buildbot -- CRLF injection in Buildbot login and logout redirect code (5536ea5f-6814-11e9-a8f7-0050562a4d7b)

A CRLF can be injected in Location header of /auth/login and /auth/logout. This is due to lack of input validation in the buildbot redirection code. It was not found a way to impact Buildbot product own security through this vulnerability, but it could be used to compromise other sites hosted on t...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00224
Exploits: 1 · References: 3
Positive Technologies
added 2019/04/20 12:0 a.m. · 1 view

PT-2019-12267 · Soy · Soy Cms

Name of the Vulnerable Software and Affected Versions: SOY CMS version 3.0.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a ?php substring in the second text box. It is based on an assumption that the content is made editable on its own. Recommendations: For SO...

CVSS: 7.2 · AI score: 8.3 · EPSS: 0.00955
Exploits: 1 · References: 3
OSV
added 2018/10/29 12:29 p.m. · 1 view

CVE-2018-18771

An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...

CVSS: 7.5 · AI score: 5.9
Exploits: 0 · References: 1
CNVD
added 2018/09/10 12:0 a.m. · 1 view

Denial of service vulnerability in the mp110005.sys driver of Micropoint Smart Defense Software Personal Free Edition (CNVD-2018-20119)

Micropoint Intelligent Defense Software Personal Free Edition is a set of third-generation anti-virus software of Micropoint Baihui Beijing Information Security Technology Co., Ltd. and adopts AI Intelligent Defense Technology to independently analyze and judge viruses. A denial of service...

AI score: 6.5
Exploits: 0
OSV
added 2018/03/20 10:29 p.m. · 1 view

CVE-2018-8874

In 2345 Security Guard 3.6, the driver file 2345Wrath.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054...

CVSS: 7.8 · AI score: 5.8
Exploits: 0 · References: 1
CNVD
added 2016/12/27 12:0 a.m. · 1 view

OWASP AntiSamy Security Bypass Vulnerability

OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A security bypass vulnerability exists in OWASP AntiSamy. An attacker can exploit this vulnerability by submitting specially crafted input to bypass the library's security protections and submit...

CVSS: 6.1 · AI score: 6.8 · EPSS: 0.00539
Exploits: 0 · References: 1
Debian
added 2013/02/16 6:18 p.m. · 38 views

[SECURITY] [DSA 2624-1] ffmpeg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2624-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 16, 2013 http://www.debian.org/security/faq -...

CVSS: 10 · AI score: 6.8 · EPSS: 0.02795
Exploits: 0
Exploit DB
added 2002/03/20 12:0 a.m. · 28 views

Webmin 0.x - Code Input Validation

source: https://www.securityfocus.com/bid/4329/info Webmin is a web-based interface for system administration of Unix and Linux operating systems. Webmin does not filter script code from output that may be displayed by the web interface, such as log files, etc. This may enable a local attacker,...

AI score: 7
Exploits: 0