
7 matches found

Cvelist
added 2023/10/30 12:0 a.m. | 11 views

CVE-2023-46865

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image...

AI score: 7.5 | EPSS: 0.7022
Exploits: 2 | References: 4

Debian CVE
added 2021/12/16 12:0 a.m. | 40 views

CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...

CVSS: 8.5 | AI score: 7.2 | EPSS: 0.02729
Exploits: 1

CVE
added 2020/11/17 1:8 p.m. | 38 views

CVE-2020-28647

MOVEit Transfer (pre-2020.1) is affected by a stored XSS vulnerability: a malicious payload crafted by an attacker can be stored in the app and, when a user interacts with it, execute arbitrary code in the victim’s browser. Public advisories and a GitHub exploit example describe the existence of ...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.0009
Exploits: 2 | References: 3 | Affected Software: 1

CVE
added 2020/05/13 6:55 p.m. | 54 views

CVE-2020-11073

CVE-2020-11073 affects Autoswitch Python Virtualenv prior to 0.16.0. A user entering a directory containing a malicious .venv file could execute arbitrary code locally without user interaction. Impact and exploitation details are supported by multiple sources in the connected documents (Red Hat C...

CVSS: 7.9 | AI score: 7.8 | EPSS: 0.00264
Exploits: 1 | References: 4 | Affected Software: 1

FreeBSD
added 2012/08/28 12:0 a.m. | 34 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-57 Miscellaneous memory safety hazards rv:15.0/ rv:10.0.7 MFSA 2012-58 Use-after-free issues found using Address Sanitizer MFSA 2012-59 Location object can be shadowed using Object.defineProperty MFSA 2012-60 Escalation of privilege through about:newtab MFSA...

CVSS: 10 | AI score: 10.1 | EPSS: 0.05074
Exploits: 5 | References: 17

OSV
added 2009/05/05 12:0 a.m. | 46 views

DSA-1790-1 xpdf - multiple vulnerabilities

Bulletin has no description...

CVSS: 10 | AI score: 7.7 | EPSS: 0.27841
Exploits: 1

Tenable Nessus
added 2005/10/11 12:0 a.m. | 24 views

Debian DSA-862-1 : ruby1.6 - programming error

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.14418
Exploits: 0 | References: 3