8 matches found
Devs Palace ERP Online 跨站脚本漏洞
Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from operations on unknown code located in...
AXE: An Agentic EXploit Engine for Confirming Zero-Day Vulnerability Reports
Vulnerability detection tools are widely adopted in software projects, yet they often overwhelm maintainers with false positives and non-actionable reports. Automated exploitation systems can help validate these reports; however, existing approaches typically operate in isolation from detection...
CVE-2024-22955
swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...
CVE-2024-26339
swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a...
Grav File Upload Path Traversal
Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files...
GHSA-37VQ-HR2F-G7H7 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...
CVE-2023-39017
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)
First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...