11 matches found
EUVD-2026-19069
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...
WordPress plugin WP Adminify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2025-65230
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting XSS vulnerability in the Web UI Configuration Streaming Destination input...
Slackware Linux 15.0 / current xpdf Multiple Vulnerabilities (SSA:2025-319-01)
The version of xpdf installed on the remote host is prior to 4.06. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-319-01 advisory. New xpdf packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...
SUSE CVE-2016-3633
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read via vectors related to the src variable...
SUSE CVE-2016-9534
tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tifrawcc and tifrawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...
GHSA-P64X-8RXX-WF6Q Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
PT-2019-7663 · WordPress · All-In-One-Wp-Security-And-Firewall
Name of the Vulnerable Software and Affected Versions: all-in-one-wp-security-and-firewall plugin versions prior to 4.0.6 Description: The issue concerns a cross-site scripting XSS problem in the settings pages of the plugin. Recommendations: For versions prior to 4.0.6, update to version 4.0.6 o...
libtiff: out-of-bounds write in the tiff2rgba tool
Multiple integer overflows in the 1 cvtbystrip and 2 cvtbytile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write...
Silicon Graphics LibTiff rgb2ycbcr Tool Denial of Service Vulnerability
Silicon Graphics LibTiff is a library for reading and writing TIFF Tagged Image File Format files from the U.S. company Silicon Graphics. The library contains a number of command-line tools to deal with TIFF files. A denial of service vulnerability exists in the 'cvtClump' function in the rgb2ycb...