16 matches found
MLflow Code Injection Vulnerability
MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible executions, and sharing and deploying models. Prior to MLv3.7.0, there was a code injection vulnerability. This vulnerability stemmed from...
CVE-2019-11814
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the back office interface. An attacker can execute arbitrary scripts by injecting malicious content into image asset names, content language names, or future publishing fields. This may result in persistent...
GHSA-99C7-C3MW-MXHV ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...
EUVD-2017-18631
Malware in sbrugna...
EUVD-2019-3480
Malware in sbrugna...
TFTP Brute Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TFTP Brute Forcer', 'Description' = 'This module uses a dictionary to brute force valid TFTP image names from a TFTP server.', 'Author' =...
WordPress Optimize Images ALT Text (alt tag) & names for SEO using AI plugin <= 3.1.1 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Optimize images ALT Text (alt tag) & names for SEO using AI versions <= 3.1.1...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes, security patches and new feature enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
CVE-2019-11814
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...
Cross site scripting
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...
CVE-2019-11814
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...
Subsonic Cross-Site Scripting Vulnerability
Subsonic is a media streaming server that allows users to save music or collect videos on the server. Subsonic suffers from a cross-site scripting vulnerability. A remote attacker could use this vulnerability to persistently inject arbitrary web script or HTML via the name of an uploaded image...
Piwigo cross-site scripting vulnerability (CNVD-2017-01655)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site scripting vulnerability exists in versions of Piwigo prior to 2.8.6. A remote attacker can exploit this...
DEBIAN-CVE-2015-0854
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action...
TFTP Brute Forcer
This module uses a dictionary to brute force valid TFTP image names from a TFTP server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TFTP Brute Forcer', 'Description' = 'This module uses a...