5839 matches found

CNNVD
added 2022/07/15 12:0 a.m., 4 views

Adobe InDesign Buffer Error Vulnerability

Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a write beyond the en...

CVSS 7.8, AI score 6, EPSS 0.00329
Exploits 0, References 4
CNVD
added 2022/07/15 12:0 a.m., 27 views

Adobe RoboHelp Cross-Site Scripting Vulnerability (CNVD-2022-60077)

Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of validation and filtering of user-supplied data and output...

CVSS 6.1, AI score 6, EPSS 0.00592
Exploits 0, References 1
CNNVD
added 2022/07/15 12:0 a.m., 5 views

Adobe InCopy Buffer Error Vulnerability

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a write beyond the end of the allocated buffe...

CVSS 7.8, AI score 6, EPSS 0.00329
Exploits 0, References 3
Zero Day Initiative
added 2022/07/14 12:0 a.m., 25 views

Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8, AI score 5.6, EPSS 0.00463
Exploits 0, References 1
CNNVD
added 2022/07/13 12:0 a.m., 5 views

IBM i Cross-Site Scripting Vulnerability

IBM i is a set of operating systems from IBM running in IBM Power Systems and IBM PureSystems. IBM i versions 7.2, 7.3, 7.4, and 7.5 have a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploi...

CVSS 5.4, AI score 5.6, EPSS 0.00421
Exploits 0, References 4
NVD
added 2022/07/12 10:15 a.m., 22 views

CVE-2022-34819

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 V2.2.28, SIPLUS NET CP 1242-7 V2 All versions V3.3.46, SIPLUS NET CP 1543-1 All versions V3.0.22, SIPLUS S7-1200 CP 1243-1 All versions V3.3.46, SIPLUS S7-1200 CP 1243-1 RAIL All versions...

CVSS 10, EPSS 0.01523
Exploits 0, References 1
CNVD
added 2022/07/12 12:0 a.m., 42 views

IBM CICS TX Advanced Cross-Site Scripting Vulnerability

IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. A cross-site scripting vulnerability exists in all versions of IBM CICS TX Advanced, which stems from the program's lack of data...

CVSS 5.4, AI score 5.2, EPSS 0.00541
Exploits 0, References 1
Zero Day Initiative
added 2022/07/12 12:0 a.m., 27 views

Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 7.8, AI score 4.6, EPSS 0.00819
Exploits 0, References 1
Zero Day Initiative
added 2022/07/12 12:0 a.m., 27 views

Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 7.8, AI score 4.8, EPSS 0.00798
Exploits 0, References 1
CNVD
added 2022/07/08 12:0 a.m., 21 views

Magnolia CMS Cross-Site Scripting Vulnerability

Magnolia CMS is an application from the Swiss company Magnolia that provides a framework for building websites. Version 6.2.19 of Magnolia CMS contains a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacke...

CVSS 6.1, AI score 3.8, EPSS 0.50539
Exploits 3, References 1
CNVD
added 2022/07/08 12:0 a.m., 24 views

ZEIT Next.js NextAuth.js Cross-Site Scripting Vulnerability

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js provides authentication for Next.js. ZEIT Next.js NextAuth.js suffers from a cross-site scripting vulnerability. The vulnerability stems from the program's lack of data...

CVSS 7.1, AI score 6.2, EPSS 0.00901
Exploits 1, References 1
CNVD
added 2022/07/08 12:0 a.m., 51 views

Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-58412)

Zabbix Frontend is a monitoring software front-end tool from the American company Zabbix. A cross-site scripting vulnerability exists in Zabbix Frontend that stems from a graphical page that lacks validation and filtering of user-supplied data and output. An authenticated attacker can exploit this...

CVSS 5.4, AI score 5.3, EPSS 0.00593
Exploits 0, References 1
CNVD
added 2022/07/08 12:0 a.m., 27 views

PESCMS cross-site scripting vulnerability

A cross-site scripting vulnerability exists in PESCMS version V2.3.3, a content publishing platform. The vulnerability stems from App/Team/GET/Report.php missing a data validation filter for user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on t...

CVSS 6.1, AI score 3, EPSS 0.00711
Exploits 1, References 1
CNVD
added 2022/07/08 12:0 a.m., 32 views

JFrog Artifactory Cross-Site Scripting Vulnerability

JFrog Artifactory is an open source general-purpose Artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end solution for tracking artifact automation from development to production. JFrog Artifactory suffers fr...

CVSS 4.3, AI score 2, EPSS 0.00488
Exploits 0, Affected Software 2
Rapid7 Blog
added 2022/07/07 7:9 p.m., 69 views

Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

In April 2022, telecommunications company Mitel published a security advisory on CVE-2022-29499, a data validation vulnerability in the Service Appliance component of MiVoice Connect, a business communications product. The vulnerability, which was unpatched at time of publication, arose from...

CVSS 10, AI score 1.6, EPSS 0.56967
Exploits 0
CNVD
added 2022/07/07 12:0 a.m., 37 views

VICIdial Cross-Site Scripting Vulnerability

Vicidial is a software suite from Vicidial, Inc., designed to interact with the Asterisk open source PBX phone system as a complete inbound/outbound contact center suite with inbound email support. A cross-site scripting vulnerability exists in VICIdial versions prior to 2.14b0.5, which stems from...

CVSS 6.5, AI score 6, EPSS 0.00446
Exploits 0, References 1
CNVD
added 2022/07/07 12:0 a.m., 22 views

Zoo Management System Cross-Site Scripting Vulnerability

PHPGURUKUL Zoo Management System is a zoo management system by the Phpgurukul team. A cross-site scripting vulnerability exists in Zoo Management System v1.0, which stems from a lack of validation and filtering of user-supplied data and output in the Add Category feature. The vulnerability can be exploited...

CVSS 5.4, AI score 5.4, EPSS 0.00682
Exploits 2, References 1
BDU FSTEC
added 2022/07/06 12:0 a.m., 5 views

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to circumvent security restrictions.

The vulnerability of the mod_proxy module in the Apache HTTP Server is related to insufficient validation of data authenticity or the use of unreliable sources for processing X-Forwarded-* headers. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

CVSS 6.5, AI score 7.1, EPSS 0.19008
Exploits 2, References 21, Affected Software 11
CNNVD
added 2022/07/06 12:0 a.m., 2 views

JFrog Artifactory Cross-Site Scripting Vulnerability

JFrog Artifactory is an open source general-purpose Artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end solution for tracking artifact automation from development to production. JFrog Artifactory suffers fr...

CVSS 6.1, AI score 5.7, EPSS 0.00488
Exploits 0, References 3
CNVD
added 2022/06/30 12:0 a.m., 23 views

ScratchTools Cross-Site Scripting Vulnerability

ScratchTools is an open source web extension from STForScratch, designed to make interaction with the Scratch programming language community easier. ScratchTools suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of...

CVSS 4.3, AI score 1.9, EPSS 0.00833
Exploits 0, Affected Software 1