24 matches found
CVE-2021-41149 Improper sanitization of target names in tough
Tough provides a set of Rust libraries and tools for using and generating the update framework TUF repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached o...
Joyplus CMS is vulnerable to reinstallation
Joyplus CMS Joy Video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . Joyplus CMS has a reinstallation vulnerability. A...
Penske Media Corporation Cross Site Scripting
---------------------------------------------------------------------------------------------------- Title : Penske Media Corporation reflected Cross Site Scripting XSS vulnerabilities Vendor : Penske Media Corporation http://www.pmc.com/ Description : Multiple PMC web-sites are vulnerable to...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...