GHSA-2WJP-W7G7-H63Q thorsten/phpmyfaq vulnerable to improper access control

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control when FAQ News is marked as inactive in settings and have comments enabled, allowing comments to be posted on inactive FAQs. This has been fixed in 3.1.12...

thorsten/phpmyfaq vulnerable to improper access control

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control when FAQ News is marked as inactive in settings and have comments enabled, allowing comments to be posted on inactive FAQs. This has been fixed in 3.1.12...

thorsten/phpmyfaq vulnerable to authentication bypass

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to authentication bypass by capture-relay that allows unlimited comments to be sent. This has been fixed in 3.1.12...

Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux

Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some launchers get detected often, which essentially...

GHSA-9CQM-5WF7-WCJ7 XWiki Platform users may execute anything with superadmin right through comments and async macro

Impact Comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled but the async macro is not taking into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki conten...

CVE-2023-26471

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

CVE-2023-26471 XWiki Platform users may execute anything with superadmin right through comments and async macro

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

SUSE CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

stored HTML-Injection in the Comments Part

i was able to detect a stored HTML Injection by answering available questions. Lets see : ------------ AHMED HASSAN STORED HTML INJECTION 1 will now answer a question Comment sent lets see the stored HTML Injection As you can see the stored HTML Injection is working. Thanks for watching...

CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

Design/Logic Flaw

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

CVE-2023-22794

CVE-2023-22794 affects ActiveRecord versions

Memory corruption

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free...

GSD-2023-1001310 media: dvbdev: fix build warning due to comments

media: dvbdev: fix build warning due to comments This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

CVE-2022-45892

In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting XSS vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username...

CVE-2022-46058

AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...

incorrect commend and/or rounding issues in AutoPxGmx and AutoPxGlp

Lines of code Vulnerability details Impact The comments on the affected lines state previewWithdraw will round up. However, the implementation, an inner call to convertToShares is made, which actually calls mulDivDown. From further inspection, this pair of functions withdraw, previewWithdraw as...

CVE-2022-43492

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

Spoofing

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...