676 matches found
CVE-2020-36204
An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur...
CVE-2019-9204
SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...
CVE-2019-9203
Authorization bypass in Nagios IM component of Nagios XI before 2.2.7 allows closing incidents in IM via the API...
CVE-2019-10787
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
CVE-2012-6273
SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU aka search user request...
CVE-2019-9202
Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...
CVE-2013-1161
The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service blocked connection by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383...
CVE-2012-6274
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors...
CVE-2012-6275
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via 1 the filename header in an SCH request or 2 the userid component in a DUPF request...
CVE-2007-5543
Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590...
CVE-2007-5542
Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590...
Ubuntu: Security Advisory (USN-7430-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-35593
An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-35592
An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file...
Malicious code in @im-dims/bail (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-12463 Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenaembedamp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-12463 Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenaembedamp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...
PT-2024-17640 · WordPress · Arena.Im
Name of the Vulnerable Software and Affected Versions: Arena.IM – Live Blogging for real-time events plugin for WordPress versions up to, and including, 0.3.0 Description: The issue is due to missing or incorrect nonce validation on the albfre user action AJAX action. This allows unauthenticated...
WordPress plugin Arena.IM – Live Blogging for real-time events 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...