69 matches found
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in VNote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
VNote Security Vulnerability
VNote is an open source cross-platform Markdown note-taking tool from VNote Open Source. A security vulnerability exists in VNote versions prior to 3.18.1, which stems from the presence of a code execution vulnerability that could allow an attacker to execute arbitrary programs on the victim's...
CVE-2023-39517
Joplin (note-taking app) has a documented XSS vulnerability (CVE-2023-39517) in affected versions where clicking an untrusted image link can execute shell commands. The HTML sanitizer in packages/renderer/htmlUtils.ts::sanitizeHtml preserves and links, but does not remove target or href attribu...
CVE-2023-45673
CVE-2023-45673 affects Joplin desktop prior to version 2.13.3. A remote code execution vulnerability arises when a user clicks a link in a PDF embedded in an untrusted note, because the app does not disable top redirection for note viewer iframes and node integration is enabled. Impact is executi...
CVE-2024-29029 memos vulnerable to an SSRF in /o/get/image
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image endpoint that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...
CVE-2024-29029
Memos: CVE-2024-29029 describes an SSRF flaw at the /o/get/image endpoint in memos 0.13.2 that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is echoed into the current server response, enabling a reflected XSS. The vulnerab...
CVE-2024-29028 memos vulnerable to an SSRF in /o/get/httpmeta
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1...
CherryTree Impostor Dubbed CherryLoader Makes Its Move
Summary: CherryLoader, a new Go-based downloader, has surfaced in cyber attacks, masquerading as the legitimate CherryTree note-taking app. This sophisticated threat infiltrates compromised hosts, delivering malicious payloads such as privilege escalation tools for exploitation and persistent...
A vulnerability in the Memos note-taking software, related to insufficient verification of input data, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Memos note-taking software is related to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
A vulnerability in the Joplin note-taking application, related to the lack of measures taken to protect the website structure, allows an attacker to execute arbitrary code.
The vulnerability in the Joplin note-taking application is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Design/Logic Flaw
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a...
CVE-2023-33188
Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...
Design/Logic Flaw
Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...
nodau SQL Injection Vulnerability
nodau is a simple console-based note-taking program by the individual developer TicklishHoneyBee. A security vulnerability exists in nodau, which stems from the fact that incorrect manipulation of the parameter value/name can lead to SQL injection...
Malicious code in note-taking (npm)
Source: ghsa-malware 0ea2d2fd1a7135206395b32cd06293cc0edc73f1477925f0d2002f6f0d5ddd9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4927 Malicious code in note-taking (npm)
Source: ghsa-malware 0ea2d2fd1a7135206395b32cd06293cc0edc73f1477925f0d2002f6f0d5ddd9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 34 Update: gnote-40~rc-1.fc34
Gnote is a desktop note-taking application which is simple and easy to use. It lets you organize your notes intelligently by allowing you to easily link ideas together with Wiki style interconnects. It is a port of Tomboy to C++ and consumes fewer resources...
pwn_example
This is a C programming challenge repository, specifically designed for learning and practicing stack-based buffer overflow attacks. The repository contains several example projects, each demonstrating a different type of attack. The main project, "pwnheapbase/useafterfree", is a simple note-taki...
CherryTree Memory Corruption Vulnerability
CherryTree is note-taking software written in Python that supports unlimited levels of categorization, rich text editing and code highlighting, and runs on Linux and Windows. A memory corruption vulnerability exists in CherryTree version 0.36.9, which can be exploited by an...
Evernote Installed (Mac OS X)
Evernote is installed on this host. It is a cloud-based suite of software for note taking and archiving. TRUSTED...