210 matches found
PT-2024-32936 · Unknown · Kashipara College Management System
Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0 Description: A critical issue has been found, affecting an unknown function of the file submit extracurricular activity.php. The manipulation of the activity datetime argument leads to SQL...
Fedora 38 : python-nikola (2024-1eb20f8ec3)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1eb20f8ec3 advisory. Update to the latest stable version. Features: Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...
CVE-2024-23181
creationtimestamp | type | source
---|---|---
2024-01-23 11:21:30+00:00 | seen | https://t.me/ctinow/171860
2024-02-17 07:06:52+00:00 | seen | https://t.me/ctinow/186795
...
USN-6553-1 pydantic vulnerability
Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial of service via application crash. CVE-2021-29510...
Ubuntu 20.04 ESM : Pydantic vulnerability (USN-6553-1)
The remote Ubuntu 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6553-1 advisory. Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial o...
GHSA-599V-H3Q5-G6R9 Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.6.8 or apply this patch manually...
Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.6.8 or apply this patch manually...
USN-6291-1: GStreamer vulnerability
Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...
USN-6291-1 gstreamer1.0 vulnerability
Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...
WordPress Delivery & Pickup Scheduling DateTime Picker Plugin for WooCommerce - Date Time Picker Plugin for WooCommerce Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)
Software: Delivery & Pickup Scheduling DateTime Picker Plugin for WooCommerce - Date Time Picker Plugin for WooCommerce
Type: Plugin
Vulnerable versions: <= 1.0.11
Fixed in: 1.0.12
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-33999
Patch priority: Medium
CVSS severity...
CVE-2023-28131
creationtimestamp | type | source
---|---|---
2023-05-27 12:04:21+00:00 | seen | https://t.me/KomunitiSiber/270
2023-05-27 12:36:19+00:00 | seen | Telegram/4JcQAuBxmm8dw44PHvyl2tx5RMR2k6iaSB2MvR2ejzDQ
2023-05-27 12:37:01+00:00 | seen | https://t.me/CyberSecurityTechnologies/8371
2023-06-26 02:49:49+00:00...
A vulnerability in /goform/form2systime.cgi in the firmware of D-Link DIR-816 A2 routers allows an attacker to execute arbitrary commands.
The vulnerability in /goform/form2systime.cgi in the D-Link DIR-816 A2 firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the date and datetime fields are not properly validated, which allows an attacker to inject and execute arbitrary JavaScript...
krb5 security, bug fix, and enhancement update
1.20.1-8.0.1
- Fixed race condition in krb5setpassword Orabug: 33609767
1.20.1-8
- Fix datetime parsing in kadmin on s390x
- Resolves: rhbz2169985
1.20.1-7
- Fix double free on kdb5util key creation failure
- Resolves: rhbz2166603
1.20.1-6
- Add support for MS-PAC extended KDC signature...
Description of the security update for SharePoint Server 2019: March 14, 2023 (KB5002358)
Description of the security update for SharePoint Server 2019: March 14, 2023 (KB5002358). Summary: This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23395. Notes:...
SUSE CVE-2004-0645
Buffer overflow in the wvHandleDateTimePicture function in wv library wvWare 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field...
SUSE CVE-2014-0063
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect...
SUSE CVE-2014-9471
The parsedatetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...
SUSE CVE-2015-0273
Multiple use-after-free vulnerabilities in ext/date/phpdate.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the...
GHSA-3XQ5-WJFH-PPJC Luxon Inefficient Regular Expression Complexity vulnerability
Impact: Luxon's DateTime.fromRFC2822 has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to ReDoS attacks. This is the same bug as Moment's...