13 matches found
CVE-2024-33836
In the module "JA Marketplace" jamarketplace up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init and in version 8.X, the method...
PT-2024-25505 · Prestashop · Ja Marketplace
Name of the Vulnerable Software and Affected Versions: JA Marketplace module for PrestaShop versions up to 9.0.1 Description: The issue allows a guest to upload files with .php extensions, leading to a critical vulnerability. In version 6.X, the method JmarketplaceproductModuleFrontController::in...
Mozilla: Use-after-free in nsDNSService
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...
Google Pixel Buffer Error Vulnerability
Google Pixel is a smartphone from Google Inc. in the United States. Google Pixel suffers from a security vulnerability that stems from a lack of bounds checking in the ProtocolEmbmsGlobalCellIdAdapter::Init method of protocolembmsadapter.cpp, which may result in out-of-bounds reads. This could le...
Anyone Can Call Init() and Lock It Forever For Attack.sol, DAO.sol, Factory.sol, Pools.sol, Router.sol, Vault.sol, and Vader.sol
Handle jvaqa Vulnerability details Impact Anyone Can Call Init and Lock It Forever For Attack.sol, DAO.sol, Factory.sol, Pools.sol, Router.sol, Vault.sol, and Vader.sol When trying to deploy vader contracts, an attacker could call init on each deployed contract and lock it, wasting the deployer's...
Cross site scripting
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but i...
CVE-2017-16010
CVE-2017-16010 : In i18next, if you call init with interpolation options and do not set escapeValue, the value defaults to undefined, causing user input to be unescaped and enabling cross-site scripting. Affected: i18next 2.0.0 and later. Exploitation details and proof-of-concept are described in...
CVE-2017-16010
Removed by vendor...
USN-2319-2 openjdk-7 regression
USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several...
HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
AOL dnUpdater ActiveX dnu.exe Init() Method Remote Code Execution
The remote host has an install of the AOL dnUpdater ActiveX control dnu.exe prior to version 1.1.25.1. As such, it reportedly does not properly verify the function pointer passed by the 'pData' argument of the control's 'Init' method. A remote attacker could exploit this vulnerability by tricking...
AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
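Instant Expert Analysis ActiveX Control Arbitrary Code Download and Execution Vulnerability
BUGTRAQ ID: 31752 CVECAN ID: CVE-2008-4385 Instant Expert Analysis lets a site quickly analyze a user's software and hardware with a single click. Instant Expert Analysis uses a signed Java applet (SRLApplet.class, provided by sysreqlab2.jar or sysreqlab.jar) for Firefox or Netscape browsers, and a signed ActiveX control (sysreqlab.dll, sysreqlabsli.dll or sysreqlab2.dll) for Internet Explorer....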