27 matches found
CVE-2015-10062 galaxy-data-resource Command Line Template injection
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...
CVE-2015-10062
The CVE-2015-10062 entry relates to galaxy-data-resource up to version 14.10.0, with an injection vulnerability in the Command Line Template component caused by manipulation of an unspecified part. A fix is available: upgrade to version 14.10.1. A patch hash is provided (50d65f45d3f5be5d1fbff2e45...
PT-2023-10241 · Unknown · Galaxy-Data-Resource
Name of the Vulnerable Software and Affected Versions: galaxy-data-resource versions up to 14.10.0 Description: A problematic issue was found in the Command Line Template component of galaxy-data-resource, leading to injection through manipulation of an unknown part. Upgrading to version 14.10.1...
galaxy-data-resource 注入漏洞
galaxy-data-resource is an application by blankenberg individual developers. An injection vulnerability exists in galaxy-data-resource version 14.10.0 and earlier. An attacker can exploit this vulnerability to inject arbitrary commands...
UBUNTU-CVE-2020-1918
In-memory file operations ie: using fopen on a data URI did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...
UBUNTU-CVE-2015-6786
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a pattern, which allows remote attackers to bypass intended scheme...
security flaw
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting XSS attacks by opening a blocked popup originating from a javascript: URI in...