938 matches found

Prion
added 2020/09/17 1:15 p.m. | 10 views

Design/Logic Flaw

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...

CVSS 6.8 | AI score 7.9 | EPSS 0.17093
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2020/09/03 6:16 p.m. | 20 views

GHSA-VPJ4-89Q8-RH38 Cross-Site Scripting in bpmn-js-properties-panel

Versions of bpmn-js-properties-panel prior to 0.31.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation: Upgrade to version 0.31.0 or lat...

AI score 6.4
Exploits: 0 | References: 1
OSV
added 2020/08/10 6:15 p.m. | 2 views

UBUNTU-CVE-2020-15648

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird 78 and Firefox 78.0.2...

CVSS 6.5 | AI score 6.9 | EPSS 0.01142
Exploits: 0 | References: 4
NVD
added 2020/08/05 2:15 p.m. | 15 views

CVE-2020-17353

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...

CVSS 9.8 | AI score 9.5 | EPSS 0.02371
Exploits: 0 | References: 6
NVD
added 2020/08/04 4:15 p.m. | 16 views

CVE-2020-4525

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561
Exploits: 0 | References: 2
Kitploit
added 2020/08/03 12:30 p.m. | 41 views

Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols

Mística is a tool for embedding data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduce...

AI score 7.5
Exploits: 0 | References: 7
Prion
added 2020/07/14 8:15 p.m. | 16 views

Design/Logic Flaw

An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this produc...

CVSS 4.3 | AI score 6.2 | EPSS 0.00843
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/07/14 7:27 p.m. | 39 views

CVE-2019-12773

The CVE-2019-12773 issue affects Verint Impact 360 15.1, specifically the wfo/help/help_popup.jsp page where the helpURL parameter can be manipulated to embed arbitrary content inside an iframe. Root cause is improper handling of the helpURL parameter, enabling an attacker to craft a link that co...

CVSS 6.1 | AI score 6.2 | EPSS 0.00843
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/06/11 12:10 p.m. | 13 views

CVE-2020-4380

IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179160...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561
Exploits: 0 | References: 2
BDU FSTEC
added 2020/04/06 12:0 a.m. | 3 views

The vulnerability of the fribidi_get_par_embedding_levels_ex() function (lib/fribidi-bidi.c) in the GNU FriBidi library allows an attacker to cause a service failure or execute arbitrary code.

The vulnerability of the fribidi_get_par_embedding_levels_ex() function (lib/fribidi-bidi.c) in the GNU FriBidi library is related to buffer overflow vulnerabilities. Exploiting this vulnerability could allow an attacker to cause a service failure or execute arbitrary code...

CVSS 7.8 | AI score 7.8 | EPSS 0.02182
Exploits: 0 | References: 10 | Affected Software: 5
CNVD
added 2020/03/17 12:0 a.m. | 4 views

Arbitrary file deletion vulnerability in the gold micro cell phone mall system of Hubei Tao code thousand dimensional information technology limited company

The Jinwei mobile mall system is aimed at micro-business customers with an official account. It imitates the page layout of Mobile Taobao and supports embedded video playback. It supports customized model specifications, the main specifications support attached pictures, each subdivided model supports inventory...

AI score 6.8
Exploits: 0
RedHat Linux
added 2020/01/30 9:4 a.m. | 4 views

fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution

A heap-based buffer overflow vulnerability was found in GNU FriBidi, an implementation of the Unicode Bidirectional Algorithm (bidi). When the flaw is triggered it's possible to manipulate the heap contents, leading to memory corruption causing a denial of service and to arbitrary code execution. T...

CVSS 7.8 | AI score 7.7 | EPSS 0.02182
Exploits: 0 | References: 4
Hacker One
added 2020/01/25 2:0 p.m. | 34 views

Gener8: Clickjacking to change email address

Summary: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of the...

AI score 1.8
Exploits: 0
OSV
added 2020/01/24 12:0 p.m. | 14 views

RUSTSEC-2020-0004 sigstack allocation bug can cause memory corruption or leak

An embedding using affected versions of lucet-runtime configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs. This can potentially cause data from the embedding host to le...

CVSS 9.1 | AI score 9.2 | EPSS 0.01505
Exploits: 0 | References: 3
Kitploit
added 2020/01/22 8:30 p.m. | 95 views

YARASAFE - Automatic Binary Function Similarity Checks with Yara

SAFE is a tool developed to create Binary Functions Embedding developed by Massarelli L., Di Luna G.A., Petroni F., Querzoni L. and Baldoni R. You can use SAFE to create your function embedding to use inside yara rules. If you are interested take a look at our research paper:...

AI score 7.1
Exploits: 0 | References: 2
Cvelist
added 2019/12/20 4:25 p.m. | 21 views

CVE-2019-4555

IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204...

CVSS 5.4 | AI score 5.2 | EPSS 0.00772
Exploits: 0 | References: 3
BDU FSTEC
added 2019/12/17 12:0 a.m. | 2 views

Vulnerability of the Windows OLE operating system component, allowing a hacker to execute arbitrary code

The vulnerability of the Windows OLE operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.6 | EPSS 0.08859
Exploits: 0 | References: 4
CNVD
added 2019/12/11 12:0 a.m. | 2 views

Microsoft Windows and Microsoft Windows Server OLE Remote Code Execution Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices. Microsoft Windows Server is a set of server operating systems. OLE is a technology that allows applications to share data and...

CVSS 7.8 | AI score 8 | EPSS 0.08859
Exploits: 0 | References: 1
OSV
added 2019/12/10 10:15 p.m. | 1 views

CVE-2019-1484

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'...

CVSS 7.8 | AI score 7.7 | EPSS 0.08859
Exploits: 0 | References: 1
Patchstack
added 2019/11/21 12:0 a.m. | 16 views

WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability

Shortcode embedding system vulnerability found by Adham Sadaqah in WordPress Jetpack plugin versions <=7.9. Solution: Update the WordPress Jetpack plugin to the latest available version (at least 7.9.1)...

AI score 2.8
Exploits: 0 | References: 1 | Affected Software: 1