37 matches found

OSV
added 2025/05/16 12:12 a.m. · 27 views

RSEC-2023-9 Arbitrary Code Execution (ACE) Vulnerability

Bundled Perl script Spreadsheet::ParseExcel version 0.65 is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings not to be confused with...

CVSS 7.8 · AI score 7.9 · EPSS 0.55712
Exploits 1 · References 2
OSV
added 2024/10/24 9:15 p.m. · 1 views

DEBIAN-CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

CVSS 6.1 · AI score 5.3 · EPSS 0.00215
Exploits 1 · References 1
Vulnrichment
added 2024/10/24 8:11 p.m. · 11 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

CVSS 8.1 · AI score 7.9 · EPSS 0.00215
Exploits 1 · References 2
Cvelist
added 2024/10/24 8:11 p.m. · 13 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

CVSS 8.1 · EPSS 0.00215
Exploits 1 · References 2
Github Security Blog
added 2024/10/24 5:54 p.m. · 17 views

OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

Summary The /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing JavaScript code, which would then cause that code to be executed in the victim's browser as...

CVSS 8.1 · AI score 6.7 · EPSS 0.00215
Exploits 1 · References 4 · Affected Software 1
OSV
added 2024/10/24 5:54 p.m. · 8 views

GHSA-PW3X-C5VP-MFC3 OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

Summary The /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing JavaScript code, which would then cause that code to be executed in the victim's browser as...

CVSS 8.6 · AI score 6.7 · EPSS 0.00215
Exploits 1 · References 4
Positive Technologies
added 2024/10/24 12:0 a.m. · 1 views

PT-2024-32868 · Unknown +3 · Openrefine +3

Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The issue concerns the /extension/gdata/authorized endpoint, which includes the state GET parameter verbatim in a tag in the output without escaping. This allows an attacker to lead or redirect ...

CVSS 9.8 · AI score 6.9 · EPSS 0.53754
Exploits 8 · References 43
CNNVD
added 2024/10/24 12:0 a.m. · 3 views

OpenRefine cross-site scripting vulnerability

OpenRefine is a Java-based open source tool from OpenRefine Open Source. The product is mainly used for loading data, analyzing data and cleaning data, etc. A cross-site scripting vulnerability exists in OpenRefine prior to version 3.8.3, which stems from a cross-site scripting attack that can be...

CVSS 8.1 · AI score 5.8 · EPSS 0.00215
Exploits 1 · References 3
Packet Storm
added 2024/02/29 12:0 a.m. · 317 views

Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jeemp.c Vulnerability: Cleartext Hardcoded Credentials Description: The...

AI score 7.4
Exploits 0
SUSE CVE
added 2023/02/15 6:11 a.m. · 1 views

SUSE CVE-2007-3257

Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...

CVSS 6.8 · AI score 8 · EPSS 0.02775
Exploits 0 · References 6
Openbugbounty
added 2018/05/16 6:57 p.m. · 11 views

gdata-s.cleverbridge.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-617452 Description| Value ---|--- Affected Website:| gdata-s.cleverbridge.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...

Exploits 0
Openbugbounty
added 2018/01/04 8:24 p.m. · 13 views

gdata-cgn.cleverbridge.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-485366 Description| Value ---|--- Affected Website:| gdata-cgn.cleverbridge.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure...

AI score 6.9
Exploits 0
Openbugbounty
added 2018/01/04 7:58 p.m. · 10 views

gdata-s.cleverbridge.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-485317 Description| Value ---|--- Affected Website:| gdata-s.cleverbridge.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure base...

AI score 6.9
Exploits 0
OpenVAS
added 2012/09/06 12:0 a.m. · 16 views

Ubuntu: Security Advisory (USN-1547-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.1 · AI score 6.5 · EPSS 0.00933
Exploits 0 · References 2
Tenable Nessus
added 2012/09/06 12:0 a.m. · 18 views

Mandriva Linux Security Advisory : libgdata (MDVSA-2012:111)

A vulnerability has been discovered and corrected in libgdata : It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the...

CVSS 5.1 · AI score 5.2 · EPSS 0.00933
Exploits 0 · References 1
securityvulns
added 2012/09/02 12:0 a.m. · 43 views

[USN-1547-1] libGData, evolution-data-server vulnerability

========================================================================== Ubuntu Security Notice USN-1547-1 August 28, 2012 libgdata, evolution-data-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu a...

CVSS 5.1 · AI score 0.8 · EPSS 0.00933
Exploits 0
OpenVAS
added 2012/08/30 12:0 a.m. · 7 views

Fedora Update for libgdata FEDORA-2012-3932

Check for the Version of libgdata OpenVAS Vulnerability Test Fedora Update for libgdata FEDORA-2012-3932 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

AI score 7.4
Exploits 0 · References 2
Tenable Nessus
added 2012/08/29 12:0 a.m. · 21 views

Ubuntu 10.04 LTS / 11.04 / 11.10 : libgdata, evolution-data-server vulnerability (USN-1547-1)

Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol. No...

CVSS 5.1 · AI score 5.5 · EPSS 0.00933
Exploits 0 · References 2
Ubuntu
added 2012/08/28 10:20 p.m. · 44 views

USN-1547-1: libGData, evolution-data-server vulnerability

Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol...

CVSS 5.1 · AI score 5.4 · EPSS 0.00933
Exploits 0
Gentoo Linux
added 2012/08/14 12:0 a.m. · 22 views

libgdata: Man-in-the-Middle attack

Background libgdata is a GLib-based library for accessing online service APIs using the GData protocol. Description An error in the "gdataservicebuildsession" function of gdata-service.c prevents libgdata from properly validating certificates. Impact A remote attacker could perform...

CVSS 5.1 · AI score 6.1 · EPSS 0.00933
Exploits 0