78 matches found
CVE-2023-5579
A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may...
Design/Logic Flaw
A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may...
CVE-2023-5579 yhz66 Sandbox User Data information disclosure
A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may...
CVE-2023-5579
CVE-2023-5579 affects yhz66 Sandbox 6.1.0, specifically the User Data Handler component (file path /im/user/). The vulnerability arises from manipulation of an unknown functionality in that area, leading to information disclosure. The exploit has been publicly disclosed. Connected sources indicat...
PT-2023-32191 · Unknown · Yhz66 Sandbox
Name of the Vulnerable Software and Affected Versions: yhz66 Sandbox version 6.1.0. Description: A vulnerability was found in the User Data Handler component, specifically affecting some unknown functionality of the file /im/user/. This issue leads to information disclosure. Recommendations: For...
GHSA-Q386-W6FG-GMGP XML External Entity (XXE) vulnerability in the XML data handler
TL;DR: This vulnerability only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse() method in site or plugin code. The Kirby core does not use any of the affected methods. If you use an affected method and cannot rule out XML input controlled by an...
XML External Entity (XXE) vulnerability in the XML data handler
TL;DR: This vulnerability only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse() method in site or plugin code. The Kirby core does not use any of the affected methods. If you use an affected method and cannot rule out XML input controlled by an...
Server side request forgery (ssrf)
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse() method in site or plugin code. The Kirby core does not use any of the...
PT-2023-26471 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.3; Kirby versions prior to 3.6.6.3; Kirby versions prior to 3.7.5.2; Kirby versions prior to 3.8.4.1; Kirby versions prior to 3.9.6. Description: The issue affects Kirby sites that use the Xml data handler or the...
CVE-2022-40363
A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file...
CVE-2019-14298
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx...
XML External Entity (XXE)
Jenkins Token Macro Plugin is vulnerable to XML external entity attacks. A remote, unauthenticated attacker could control the content of the input file for the "XML" macro to have Jenkins resolve external entities and exploit of the flawed XML Data Handler component resulting in the extraction of...
WordPress Content Cards Plugin <= 0.9.6 - Cross-Site Scripting vulnerability
A cross site scripting vulnerability was found in WordPress Content Cards plugin in 0.9.6 version. This vulnerability is related to OpenGraph Data Handler functionality. The data is not sanitized properly and it leads to a cross site scripting vulnerability. Solution Update the plugin...
CVE-2017-14858
There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack...
CVE-2016-9416
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
This vulnerability allows remote attackers to potentially disclose memory addresses on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...