216 matches found
SUSE CVE-2006-1729
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by 1 inserting the target filename into a text box, then turning that box into a file upload control, or 2 changing the type of the...
SUSE CVE-2016-2547
sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service race condition, use-after-free, and system crash via a crafted ioctl call...
Deserialization Of Untrusted Data
manager-pojo is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists because the filterSensitive function of MySQLSinkDTO.java does not properly decode the user input MySQL JDBC URLs, allowing an attacker to control the current state or the flow of the execution...
SAP BusinessObjects Business Intelligence Platform 4.1 < 4.1 SP12 P9 / 4.2 < 4.2 SP8 P5 XSS (2965154)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.1 SP12 P9, 4.2 SP8 P5 or 4.2 SP9 P0. It is, therefore, affected by a XSS vulnerability. An authenticated attacker is allowed to inject malicious JavaScript payload into the custom...
Use of Weak Hash
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...
CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...
Stored XSS in Roles
Description Stored cross-site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of an...
ASUS Aura Sync 缓冲区错误漏洞
ASUS Aura Sync is a hardware light synchronization plug-in from the Chinese company Asus ASUS. A security vulnerability exists in ASUS Sync version v1.07.79, which stems from the failure of the MsIo64.sys component to properly validate inputs, allowing an attacker to trigger memory corruption and...
CVE-2022-46161
pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code...
Remote Code Execution
yiisoft/yii is vulnerable to remote code execution. The vulnerability exists in the wakeup function of CDbCriteria.php, due to improper deserialization of untrusted user input, which allows the attacker to control the state or the flow of execution...
Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass
The plugin does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. PoC curl -X POST -F "sizelimit=10485760" -F...
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
Treekill Enables OS Command Injection
A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Steps To Reproduce: Create the following PoC file: js var kill = require'treekill'; kill'3333332 & echo "HACKED" HACKED.txt & '; Execut...
GHSA-CQP7-HWM3-CFG7 XSS vulnerability in Jenkins Warnings Next Generation Plugin
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...
CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function diSTboxread to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is controllable ...
CVE-2021-44488
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in opfnfnumber in srport/opfnfnumber.c in order to corrupt memory or crash the application...
CVE-2021-44488
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in opfnfnumber in srport/opfnfnumber.c in order to corrupt memory or crash the application...
CVE-2022-22546
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...
CVE-2022-22546
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...
CVE-2022-21739
Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...