
14 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-23476

Malicious code in bioql PyPI...

8.8 CVSS | 9 AI score | 0.01087 EPSS
Exploits 3 | References 2

OSV
added 2024/11/29 9:31 p.m. | 6 views

GHSA-2GX6-QRPP-C4P3 Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be include...

8.7 CVSS | 7.5 AI score | 0.00136 EPSS
Exploits 0 | References 5

Github Security Blog
added 2024/11/29 9:31 p.m. | 15 views

Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be include...

7.5 CVSS | 6.8 AI score | 0.00136 EPSS
Exploits 0 | References 5 | Affected Software 1

NVD
added 2024/11/29 8:15 p.m. | 11 views

CVE-2024-35371

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included...

7.5 CVSS | 0.00136 EPSS
Exploits 0 | References 3

CVE
added 2024/11/29 12:0 a.m. | 43 views

CVE-2024-35371

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs due to insufficient input sanitization in the logging mechanism. User-controllable data can be included in log entries without restrictions, potentially exposing sensitive information. The CVE-2024-35371 entry, with a ...

7.5 CVSS | 6.9 AI score | 0.00136 EPSS
Exploits 0 | References 3

Cvelist
added 2024/11/29 12:0 a.m. | 13 views

CVE-2024-35371

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included...

0.00136 EPSS
Exploits 0 | References 3

CNNVD
added 2024/11/25 12:0 a.m. | 2 views

SvelteKit Cross-Site Scripting Vulnerability

SvelteKit is an open source web development framework from Svelte. A cross-site scripting vulnerability exists in SvelteKit versions prior to 2.8.3, which stems from the presence of unsanitized input data and user-controllable data flow in a particular file, making it susceptible to cross-site...

5.4 CVSS | 8.6 AI score | 0.00247 EPSS
Exploits 0 | References 3

OSV
added 2023/12/14 3:30 p.m. | 20 views

GHSA-GQRQ-J6PM-98C2 External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3 CVSS | 8.2 AI score | 0.00207 EPSS
Exploits 1 | References 4

OSV
added 2023/12/01 11:54 a.m. | 3 views

MGASA-2023-0334 Updated xrdp packages fix security vulnerability

The updated packages fix a security vulnerability. Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a...

6.5 CVSS | 6.2 AI score | 0.00309 EPSS
Exploits 0 | References 3

Prion
added 2022/11/07 1:15 p.m. | 27 views

Out-of-bounds

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...

7.5 CVSS | 9.3 AI score | 0.03797 EPSS
Exploits 0 | References 6 | Affected Software 2

Hacker One
added 2022/03/15 5:22 p.m. | 32 views

OneWeb: Cross-site scripting (DOM-based)

Issue detail: The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $. The exploitability of this issue might depend on the specific version of jQuery that is being used. Issue background: DOM-based vulnerabilities arise when a...

6.4 AI score
Exploits 0

Hacker One
added 2019/12/14 6:19 a.m. | 59 views

Nord Security: Host header injection/redirection | signup and login page

Hey Team. There's a host header injection vulnerability in signup and login page. If possible, the application should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways: Remove the redirection function from the application,...

7.2 AI score
Exploits 0

Zero Science Lab
added 2016/08/31 12:0 a.m. | 84 views

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.9 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 1

seebug.org
added 2016/05/14 12:0 a.m. | 83 views

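ILas Library Automation Integrated System: time-based blind injection vulnerabilities in 2 locations, including NTReaderCritic.aspx

0x01 Vulnerability overview: The ILas Library Automation Integrated System has time-delay injection vulnerabilities in two pages, NTReaderCritic.aspx and NTUniBookRetrInfo.aspx. 0x02 Vulnerability details: NTReaderCritic.aspx sqlmap -u ".../NTReaderCritic.aspx?strRenco=1&strTitle=1" The relevant code is as follows: protected void PageLoadobject sender, EventArgs e if !base.IsPostBack if base.Request.QueryString"strRenco" != null &&...

7.1 AI score
Exploits 0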