137 matches found
CVE-2023-51698 Atril's CBT comic book parsing vulnerable to Remote Code Execution
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...
CVE-2023-3235
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function picapi of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploi...
taiwan-comic-city.taicca.tw Cross Site Scripting vulnerability OBB-3190460
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-3856
The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...
CVE-2022-3856
Summary: CVE-2022-3856 affects the WordPress plugin “Comic Book Management System” prior to version 2.2.0. The issue is a SQL injection caused by not sanitizing/escaping a parameter before it is used in a SQL statement, enabling exploitation by users with a role as low as Admin (no user interacti...
CVE-2022-3856 Comic Book Management System < 2.2.0 - Admin+ SQLi
The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...
WordPress plugin Comic Book Management System SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
PT-2022-24455 · WordPress · Comic Book Management System
Name of the Vulnerable Software and Affected Versions: The Comic Book Management System WordPress plugin versions prior to 2.2.0 Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This ca...
Comic Book Management System < 2.2.0 - Admin+ SQLi
The plugin does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. https://example.com/wp-admin/admin.php?page=cbmsweeklypicksadmin&action=updatepicks&id=1+AND+SELECT+7741+FROM+SELECTSLEEP3hlAf POST...
merrickcomic.co.uk Cross Site Scripting vulnerability OBB-2981007
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
wisconsincomicconvention.com Cross Site Scripting vulnerability OBB-2762919
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The Bug Report – June 2022 Edition
The Bug Report – June 2022 Edition By Trellix · July 6, 2022 This story was also written by Sam Quinn. Your Cybersecurity Comic Relief Why am I here? Why do all the most critical vulnerabilities always have to come out on holidays? Just like clockwork, CVE-2022-26134 came out over the U.S.’...
xiaohuanxiong CMS SQL注入漏洞
xiaohuanxiong is an open source comic CMS by guoguo individual developers. xiaohuanxiong version 1.0 is vulnerable to SQL injection, which originates from the id parameter in /app/controller/Books.php. No detailed vulnerability details are available...
[SECURITY] Fedora 36 Update: python-PyMuPDF-1.19.5-2.fc36
This is PyMuPDF, a Python binding for MuPDF - a lightweight PDF and XPS viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction book formats, and it is known for its top performance and high rendering quality. With PyMuPDF you therefore can also access files with extensions...
xiaohuanxiong CMS cross-site request forgery vulnerability
xiaohuanxiong CMS is a comic book CMS. xiaohuanxiong CMS version 5.0.17 is vulnerable to cross-site request forgery, which stems from a WEB application that does not sufficiently validate that the request is from a trusted user. An attacker could use this vulnerability to modify the password of t...
Mageia: Security Advisory (MGASA-2017-0244)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Friday Squid Blogging: The Far Side Squid Comic
The Far Side is always good for a squid reference. Heres a recent one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Mccms has a file upload vulnerability
Mccms is a comic + novel system developed using the Ci framework as its core. Mccms has a file upload vulnerability that can be exploited by attackers to gain control of the server...
Arbitrary File Deletion Vulnerability in Man City CMS
Man City CMS program is a complete and powerful rapid site building system developed with the core of CI framework and running in PHP MYSQL environment. ManCity CMS has an arbitrary file deletion vulnerability, which can be exploited by attackers to delete files arbitrarily...
Mccms has a flawed logic vulnerability
Mccms is a comic + novel system developed using the Ci framework as its core. Mccms has a logic flaw vulnerability that can be exploited by attackers to modify the payment amount...