4444 matches found
PT-2023-27023 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev449-g5948e4f70-master Description: The issue is related to a heap-use-after-free vulnerability via the gf bs align function at bitstream.c. This allows attackers to cause a Denial of Service DoS by supplying a crafted...
Memory leak in btrfs_get_dev_args_from_path()
...
Authentication cookie without Secure flag
Description Access and login to the website. Press F12 on your keyboard or right-click on the website to open dev-tool. At Application tab, choose Cookies and there are some sensitive cookies without Secure flag. Proof of Concept Link photo:...
PT-2023-11607 · Artifex +1 · Mupdf +1
Name of the Vulnerable Software and Affected Versions: Artifex Software MuPDF version 1.16.0 Description: A Use After Free vulnerability in the svg dev text span as paths defs function in source/fitz/svg-device.c allows remote attackers to cause a denial of service via the opening of a crafted PD...
MAL-2023-1505 Malicious code in owncloud-js-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 26163abe3e5a983c952c08703d6b6763543c0fc989b54027001520a78d7b145a The OpenSSF Package Analysis project identified 'owncloud-js-dev' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in owncloud-js-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 26163abe3e5a983c952c08703d6b6763543c0fc989b54027001520a78d7b145a The OpenSSF Package Analysis project identified 'owncloud-js-dev' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Typora 路径遍历漏洞
Typora is an editor. A path traversal vulnerability previously existed in Typora version 1.7.0-dev, which stemmed from the presence of a path mishandling vulnerability...
CVE-2023-4394
A use-after-free flaw was found in btrfsgetdevargsfrompath in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information...
CVE-2023-33663
In the module “Customization fields fee for your store” aicustomfee from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue...
Sql injection
In the module “Customization fields fee for your store” aicustomfee from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue...
CVE-2023-33663
In the module “Customization fields fee for your store” aicustomfee from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue...
Arbitrary File Reads
github.com/1panel-dev/1panel is vulnerable to Arbitrary File Reads. The vulnerability exists in LoadFromFile at file.go due to not restricting the request parameters which allows an attacker to directly read arbitrary files on the system...
Important: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Migration Toolkit for Applications 6.2.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
Unrestricted file upload
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
CVE-2020-24804 affects cms-dev/cms v1.4.rc1. The issue is in AddAdmin.py where plaintext passwords are written to audit logs, allowing an attacker to obtain sensitive information from logs. CVSSv3.1: 6.5 (MEDIUM); vector: Network, Low attack complexity, Local privileges, No user interaction, Conf...
(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag with...