451 matches found
CVE-2023-40703 Denial of Service via specially crafted block fields in Mattermost Boards
Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards, allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string...
PT-2023-30289 · Redis · Redisgraph
Name of the Vulnerable Software and Affected Versions: RedisGraph version 2.12.10 Description: An issue in RedisGraph allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock ItemIsDeleted. Recommendations: For RedisGraph version 2.12.10, at the...
CVE-2023-47003
An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlockItemIsDeleted...
CVE-2023-6098 Cross-site Scripting on ICSSolution ICS Business Manager
An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...
Cross site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images...
CVE-2023-46378
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php...
MiniCMS Cross-Site Scripting Vulnerability
MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS version 1.11, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to run arbitrary...
Buffer overflow
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf function...
CVE-2018-17878
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf function...
ABUS TVIP Security Vulnerability
ABUS TVIP is a series of video surveillance cameras from the German company ABUS. A security vulnerability exists in ABUS TVIP that stems from the presence of a buffer overflow vulnerability that allows an attacker to gain control of the program by sending a carefully crafted string...
Inefficient Regular Expression Complexity in node-email-check
ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component...
CVE-2023-39619
ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component...
SQL injection
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page...
SQL injection
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...
CVE-2023-40771
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...