AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

Uncontrolled Search Path Element

Overview aws-advanced-nodejs-wrapper is a Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating...

SUSE CVE-2015-7196

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service incorrect garbage collection and application crash or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...

XSS via Mathematical Typesetting

🔒️ Requirements Feature: Extras Mathematical Typesetting enabled. User interaction: Access vulnerable page || diagram and wheel click on a link. 📝 Description The Mathematical Typesetting feature allows to use inline content such as AsciiMath or LaTeX. Using it allows you to create a tag via \href...

ffmpeg-sdk 命令注入漏洞

ffmpeg-sdk is a ffmpeg wrapper for nodejs by the individual developer Shajan Jacob in India. A security vulnerability exists in ffmpeg-sdk, which stems from the vulnerability of index.js to command injection attacks...

Mozilla Firefox and Firefox Java applet code injection vulnerability

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox when using the Java plugin, which can be exploited by remote attackers to redistribute a specially crafted Java applet from the in-use JavaScript...

Firefox ESR < 38.4 Multiple Vulnerabilities

The version of Firefox ESR installed on the remote Windows host is prior to 38.4. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues...

CVE-2015-7196

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service incorrect garbage collection and application crash or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...