PT-2025-6850 · Code Projects · Code-Projects Wazifa System
Name of the Vulnerable Software and Affected Versions: code-projects Wazifa System version 1.0 Description: A vulnerability was found in the processing of the file /Profile.php, where the manipulation of the postcontent argument leads to cross-site scripting. The attack may be initiated remotely...
PT-2024-21782 · Ibm · Ibm Maximo Application Suite
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite version 7.6.1.3 Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory...
OESA-2024-1233 xerces-c security update
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
OESA-2024-1160 xerces-c security update
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
PT-2024-12122 · Unknown · Egerie Risk Manager
Name of the Vulnerable Software and Affected Versions: Egerie Risk Manager version 4.0.5 Description: An issue in Egerie Risk Manager allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload, resulting in privilege escalation. Recommendations: For Egeri...
PT-2023-11505 · Exempi +6 · Exempi +6
Name of the Vulnerable Software and Affected Versions: exempi versions 2.5.0 and earlier Description: The issue allows remote attackers to cause a denial of service via the opening of crafted webp files. This is due to a Buffer Overflow vulnerability in the WEBP_Support.cpp file. Recommendations:...
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature or via SAX using the XERCES_DISABLE_DTD environment variable.
...
PT-2021-3554 · Unknown +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.9.11-57 through 7.0.10-57 Description: The issue is related to a divide-by-zero flaw in the gem.c file of ImageMagick, which can be exploited by submitting a crafted file to trigger undefined behavior. This flaw poses a...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free. The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current...
PT-2012-4111
Name of the Vulnerable Software and Affected Versions: WinWebMail Server version 3.8.1.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body using various methods, including a SCRIPT element, crafted Cascading Style Sheets (CSS) expressions...