Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. The following products and versions are affected: Microsoft OLE DB Driver 18 for SQL Server, Microsoft OLE DB Driver 19 for SQL...
PT-2023-2437 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server (affected versions not specified). Description: The issue exists due to insufficient input validation in the OLE DB driver for SQL Server in the Windows operating system. This allows a remote attacke...
PT-2023-2559 · Microsoft · Odbc +2
Name of the Vulnerable Software and Affected Versions: Microsoft ODBC and OLE DB (affected versions not specified). Description: The issue exists due to insufficient input validation in the Windows operating system's ODBC and OLE DB drivers. Exploitation of this issue may allow an attacker to execut...
Stimulsoft GmbH Stimulsoft Designer Code Issue Vulnerability
Stimulsoft GmbH Stimulsoft Designer is a robust product from Stimulsoft that runs on any computer and any platform. Engine, report designer and viewer for generating reports and analyzing data. A security vulnerability exists in Stimulsoft Designer Web version 2023.1.3, which stems from the...
Cross site scripting
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
SVG script injection in Bio.tokenURI
Lines of code Vulnerability details Impact Bio.tokenURI function returns an encoded SVG that is supposed to be parsed by a browser or another tool. A hacker can inject a malicious script in the SVG element by minting Bio NFT with a bio with a javascript .... Depending on how this SVG element is...
Site Reviews < 6.6.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
SUSE CVE-2006-4514
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to...
SUSE CVE-2008-2806
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect...
SUSE CVE-2011-0076
Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors...
SUSE CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...
SUSE CVE-2022-23559
TensorFlow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
CVE-2023-21686
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it). Recent assessments: MadDud at February 03, 2023 2:34pm UTC reported...
AVideo contains Command injection when embedding a video link
Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the My Videos tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. ?whoami then click Save This issue has been resolved in comm...
GHSA-PGVH-P3G4-86JW AVideo contains Command injection when embedding a video link
Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the My Videos tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. ?whoami then click Save This issue has been resolved in comm...
CVE-2023-23074
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component...
ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is an ITIL-based IT service management software suite from ZOHO (ZhuoHao), a United States company. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management and oth...