Sql injection

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...

CVE-2022-33147

WWBN AVideo 11.6 (and dev master commit 3f7c0364) is affected by CVE-2022-33147 via the ObjectYPT/Video encoding path. The vulnerability is a SQL injection in the aVideoEncoder.save flow, where unsanitized inputs setDuration and setVideoDownloadedLink can be embedded into SQL during INSERT/UPDATE...

CVE-2022-32778

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

CVE-2022-32772

A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-28712 SUMMARY A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

WWBN AVideo ObjectYPT SQL injection vulnerability

Talos Vulnerability Report TALOS-2022-1551 WWBN AVideo ObjectYPT SQL injection vulnerability August 16, 2022 CVE Number CVE-2022-33147,CVE-2022-34652,CVE-2022-33149,CVE-2022-33148 SUMMARY A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit...

UBUNTU-CVE-2021-40426

A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2021-40426

A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

Sound Exchange libsox sphere.c start_read() heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1434 Sound Exchange libsox sphere.c startread heap-based buffer overflow vulnerability March 23, 2022 CVE Number CVE-2021-40426 SUMMARY A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 a...

DEBIAN-CVE-2021-44961

A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability...

CVE-2021-43410

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 1 of airavata-django-portal 1...

Cross site scripting

An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...

PT-2021-11560 · Libslic3R +2 · Libslic3R +2

Name of the Vulnerable Software and Affected Versions: Slic3r libslic3r version 1.3.0 Slic3r libslic3r Master Commit 92abbc42 Description: An out-of-bounds read issue exists in the TriangleMesh::TriangleMesh functionality when handling obj files. This could lead to information disclosure if a...