101 matches found
EUVD-2025-143663
Malicious code in @miptaa02/jis npm...
MAL-2025-172640 Malicious code in @miptaa02/jis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885db6b63f293457d39568bc5e6991edf2cca85fe6a22c0e4288ea3f1d7bef7f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2011-3607
Malware in sbrugna...
SUSE CVE-2004-0224
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...
SUSE CVE-2007-0455
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font...
SUSE CVE-2008-0416
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as...
SUSE CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid ShiftJIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special...
Arbitrary Code Execution
php is vulnerable to arbitrary code execution. A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash...
PHP Exif_Process_User_Comment Null Pointer Dereference (CVE-2016-6292)
A denial of service vulnerability exists in the Exif module of PHP. The vulnerability is due to a null pointer dereference in exif_process_user_comment when trying to handle JIS encoded user comment Exif tags when multi-byte string support is enabled in PHP. A remote, unauthenticated attacker can...
Debian DLA-383-1 : claws-mail security update
'DrWhax' of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. CVE-2015-8614 There were no checks on the...
[SECURITY] [DLA 383-1] claws-mail security update
Package : claws-mail Version : 3.7.6-4+squeeze2 CVE ID : CVE-2015-8614 CVE-2015-8708 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account...
Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird2)
The remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via...
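SQL injection vulnerability in a Hanweb (大汉网络) system
Brief description: SQL injection that allows enumerating all of the system's databases. Affects JCMS, JIS, etc. Details: SQL injection: /vc/vc/interface/index/questylecoltop.jsp Code analysis: String strWebId = Convert.getParameter(request, "webid").trim(); // webid is not filtered String strColumnId = Convert.getParameter(request, "colid").trim(); String strWebSiteUrl = ""; .... .... // get column ranking data if (strMsg == null...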
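High-risk SQL injection in multiple Hanweb (大汉网络) systems (2 issues)
Brief description: High-risk SQL injection in multiple Hanweb (大汉网络) systems (2 issues). Details: Testing found that jcms xxgk jis lm jbook jphoto jget jearch and other systems have a high-risk SQL injection. The vulnerable files are /workflow/objectbox/selxgroupuserlist.jsp?groupid=1&changetype=1 /workflow/objectbox/selectxgroupuserlist.jsp?groupid=1&changetype=1 /workflow/objectbox/selectxgrouplist.jsp?groupid=1&changetype=1...
Hanweb-jis /jis/objectbox/selx_list.jsp SQL injection vulnerability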
No description provided by source...
hanweb jis /objectbox/selectx_search.jsp SQL injection vulnerability
No description provided by source...
CVE-2014-3811
CVE-2014-3811 affects Juniper Installer Service (JIS) Client on Windows (7.x before 7.4R6) and Junos Pulse Client before 4.0R6, enabling local privilege escalation. Root cause is not detailed in the provided sources. Impact is high (local, full confidentiality/integrity/availability). Remediation...
JIS /selx_userlist.jsp SQL injection vulnerability
No description provided by source...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)
MozillaFirefox was updated to version 8 bnc728520 to fix the following security issues : dbg114-MozillaFirefox-5399 MozillaFirefox-5399 newupdateinfo MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS dbg114-MozillaFirefox-5399 MozillaFirefox-5399 newupdateinfo MFSA...
openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9)
Mozilla Firefox and Thunderbird were updated to version 8.0 which fixes several security vulnerabilities : - MFSA 2011-52 - Code execution via NoWaiverWrapper CVE-2011-3655 - MFSA 2011-51 - Cross-origin image theft on Mac with integrated Intel GPU CVE-2011-3653 - MFSA 2011-50 - Cross-origin data...