16 matches found
GHSA-M662-8JRJ-CW6V REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required)
Summary: A reflected XSS vulnerability has been identified in the REDAXO backend. The type parameter is concatenated into an API error message and rendered without HTML escaping. Details: Root cause: User input type is injected into an exception message, then rendered by rex_view::error which...
REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required)
Summary: A reflected XSS vulnerability has been identified in the REDAXO backend. The type parameter is concatenated into an API error message and rendered without HTML escaping. Details: Root cause: User input type is injected into an exception message, then rendered by rex_view::error which...
EUVD-2024-30766
Malicious code in bioql PyPI...
CVE-2024-33021
Memory corruption while processing IOCTL call to set metainfo...
CVE-2024-33021
Memory corruption while processing IOCTL call to set metainfo...
CVE-2024-33021 Use of Uninitialized Variable in Automotive GPU
Memory corruption while processing IOCTL call to set metainfo...
CVE-2024-33021
CVE-2024-33021 affects Qualcomm automotive GPU components. The issue is described as memory corruption occurring while processing an IOCTL call to set metainfo, with a Local attack vector, low privileges required, and no user interaction. The CVSS metrics indicate a HIGH impact on confidentiality...
CVE-2020-28656
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainmen...
CVE-2020-28656
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainmen...
Code injection
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainmen...
Metainfo Sendmail 2.0/2.5,MetaIP 3.1
No description provided by source. source: http://www.securityfocus.com/bid/110/info MetaInfo www.metainfo.com puts out many NT service products, including MetaIP DHCP/DNS manager and Sendmail Unix port. Both products allow remote administration via Web UIs, and MetaIP uses Java to communicate ba...
CVE-2010-0012
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file...
CVE-2010-0012
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file...
CVE-1999-0268
MetaInfo MetaWeb web server is vulnerable to remote command execution and arbitrary file read via path traversal. Multiple connected sources (Red Hat advisory, EUVD, CVE records, Nessus plugin) describe that an attacker can upload, execute and read scripts, with traversal using ../ in requests en...
Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts
source: https://www.securityfocus.com/bid/110/info MetaInfo www.metainfo.com puts out many NT service products, including MetaIP DHCP/DNS manager and Sendmail Unix port. Both products allow remote administration via Web UIs, and MetaIP uses Java to communicate back to the server. MetaInfo bundles...
Metainfo Sendmail 2.0/2.5 MetaIP 3.1 - Upload Execute Read Scripts
source: https://www.securityfocus.com/bid/110/info MetaInfo www.metainfo.com puts out many NT service products, including MetaIP DHCP/DNS manager and Sendmail Unix port. Both products allow remote administration via Web UIs, and...