69 matches found
CVE-2019-16094
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...
CVE-2019-5715
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject...
CVE-2019-5715
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject...
Sql injection
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject...
CVE-2019-5715: Reflected SQL Injection through Form and DataObject
More info at https://www.silverstripe.org/download/security-releases/ss-2018-021...
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // ...
Design/Logic Flaw
Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."...
CVE-2015-1728
Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."...
CVE-2015-1728
CVE-2015-1728 affects Microsoft Windows Media Player 10–12. The root cause is improper handling of specially crafted DataObjects, enabling a remote attacker to execute arbitrary code when a user opens a crafted DataObject on a web page. The vulnerability is remote-code-execution with high impact,...