14 matches found
PT-2026-41146
Summary: render_toc_ul builds a table-of-contents tree from a list of (level, id, text) tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading ID...
EUVD-2018-3572
Malware in sbrugna...
CVE-2018-11547
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination...
CVE-2018-11545
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes...
Information Disclosure
mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to insufficient access checks when generating hyperlinks for users who do not have access, allowing some information to be revealed via the link, link label, and tooltip...
WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed - Create a new Download, add the following payload in the "Version" and "Link Label" fields from the 'Package...
Heap overflow
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes...
CVE-2018-11545
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes...
CVE-2018-11545
The CVE-2018-11545 vulnerability affects md4c 0.2.5, a C-based Markdown parser. A heap-based buffer overflow occurs in md_merge_lines when md_is_link_label mishandles link labels composed solely of backslash escapes. This is the concrete flaw described across multiple sources (CNVD, NVD, Red Hat,...
XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities
No description provided by source. Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz:...
XWiki 4.2-milestone-2 Cross Site Scripting
Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz: @aviadgolan , @benhayak,...
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz: @aviadgolan , @benhayak,...
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link:...
XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version:...