Directory Traversal
Overview AstrBot is an easy-to-use multi-platform LLM chatbot and development framework. Affected versions of this package are vulnerable to Directory Traversal via the encodeimagebs64 function. An attacker can access sensitive files by supplying a crafted file path in the request body. Details A Directory Traversal attack, also known as pa...
CVE-2025-57697
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in the encodeimagebs64 function. The encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
A vulnerability in the gsf_base64_encode_simple function of the GNOME Project's libgsf structured file library allows attackers to affect the confidentiality, integrity, and availability of protected information.
A vulnerability in the gsf_base64_encode_simple function of the GNOME Project's libgsf structured file library is a heap-based buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of protected...
python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
An uncontrolled resource consumption vulnerability was found in Django. Feeding certain inputs with a very large number of Unicode characters to the URI to IRI encoder function can lead to a denial of service...
CVE-2023-41115
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions...
Django Security Vulnerabilities
Django is the Django Foundation's open source web application framework written in Python. The framework includes an object-relational mapper, a view system, a template system, and more. A security vulnerability exists in Django that stems from a denial of service vulnerability in...
LibTIFF Security Vulnerability
LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library also contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF version 4.5.0, which stems from a buffer overflow vulnerability in the uv_encode function...
Aide Buffer Error Vulnerability
Aide is a tool for monitoring file system changes. It can be used to detect unauthorized changes to monitored files and directories. Aide has a buffer error vulnerability that stems from a heap-based buffer overflow in AIDE's base64 function. An attacker could crash the program and possibly...
Denial Of Service (DoS)
libvncserver.so is vulnerable to a denial of service (DoS) attack. The issue exists because an out-of-bounds access can occur in the encoding function in libvncserver/hextile.c...
Denial Of Service (DoS)
libvncserver.so is vulnerable to a denial of service (DoS) attack. The issue exists because an out-of-bounds access can occur in the encoding function in libvncserver/corre.c...
Snapforce CRM 8.3.0 Cross Site Scripting
Hello Team, Greetings. There is a list of XSS vulnerabilities and concurrent login vulnerabilities in the Snapforce version 8.3.0 application. Vulnerability List: 1. Stored Cross Site Scripting 2. Stored Cross Site Scripting through UI Redirection. 3. Concurrent Logins are Allowed. Affected URL:...
Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...
DEBIAN-CVE-2009-0688
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c...