5 matches found
CVE-2023-27480
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host...
CVE-2023-5820
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged reques...
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72092)
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command line tools for processing TIFF files. LibTIFF suffers from a buffer overflow vulnerability that originates in TIFFmemset in libtiff/tifunix.c:340 and exists when called from...
Winhex Editor DLL Hijacking Vulnerability
Winhex Editor is a data processing tool centered on a hexadecimal editor. Winhex Editor suffers from a DLL hijacking vulnerability, which can be exploited by an attacker to compromise an affected application and obtain sensitive information by replacing a forged .whx or .whs file with a malicious...
CORE-2008-0123: Leopard Server Remote Path Traversal
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Leopard Server Remote Path Traversal Advisory Information Title: Leopard Server Remote Path Traversal Advisory ID: CORE-2008-0123 Advisory URL:...