938 matches found
Design/Logic Flaw
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
PT-2023-12688 · Ibm · Ibm Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
MTN Group: Reflected cross site scripting (XSS) attacks Reflected XSS attacks,
The vulnerability summary is as follows: Reflected XSS attacks occur when a malicious script was reflected off of a web application to the victim's browser. The vulnerability was typically a result of incoming requests not being sufficiently sanitized, which allowed for the manipulation of a web...
ZKTeco ZKBio Time cross-site scripting vulnerability
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time prior to version 3.1-164, which originates from a vulnerability that allows users to embed malicious code in the Web UI...
CVE-2022-41735 IBM Business Process Manager cross-site scripting
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to...
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator
Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...
CVE-2022-43754
CVE-2022-43754 describes an XSS vulnerability in spacewalk/Uyuni within the SUSE Manager Server ecosystem (SUSE Manager Server 4.2 and 4.3). The issue is caused by improper neutralization of input during web page generation, allowing remote attackers to embed JavaScript via the path /rhn/audit/sc...
PT-2022-22937 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2022-20207 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2022-10051 · Seppmail · Seppmail
Name of the Vulnerable Software and Affected Versions: SEPPMail (affected versions not specified). Description: The issue arises from incorrect embedding of user input in the web page, leading to cross-site scripting (XSS) vulnerabilities. Recommendations: At the moment, there is no information about ...
CVE-2022-38031
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2022-37982
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2022-35722
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381...
CVE-2022-40736
An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4CttsAtom::Create in Core/Ap4CttsAtom.cpp...
CVE-2022-34731
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
Microsoft Windows security vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows OLE. The following products and versions are affected: Windows 11 for ARM64-based Systems, Windows 10 Version 21H2...
Microsoft Windows code injection vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows OLE. The following products and editions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for...