Snapshot fuzzing direct composition with WTF

Cisco Talos has developed a custom fuzzer using the popular snapshot fuzzer "WTF" which targets Direct Composition in Windows. Talos vulnerability research team used Protocol Buffers developed by Google to serialize and deserialize test cases. The Bochscpu backend of WTF was patched and other...

Oracle PeopleSoft Enterprise CC Common Application Objects Security Vulnerability

Oracle PeopleSoft Enterprise CC Common Application Objects is a Common Application Objects component from Oracle Corporation. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft Enterprise CC Common Application Objects version 9.2, which originated when a low-privileged attacker who...

OpenFGA Resource Management Error Vulnerability

OpenFGA is OpenFGA's high performance and flexible authorization/licensing engine built for developers and inspired by Google Zanzibar. A security vulnerability exists in OpenFGA 1.3.3 and earlier versions, which results in a denial of service DOS when too many ListObjects calls are executed...

PT-2023-29700 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 1.3.4 Description: OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number ...

Insecure Deserialization

Radisson is vulnerable to Insecure Deserialization. The vulnerability is due to the client deserializing objects without validation. If an attacker can gain control of the redis server, they can include crafted objects that lead to arbitrary code execution. Due to incomplete fix, its recommended...

SAP Business Objects Web Intelligence Cross-Site Scripting Vulnerability

SAP Business Objects Web Intelligence is a centralized suite from SAP, Germany. It is used for data reporting, visualization, and sharing. A cross-site scripting vulnerability exists in SAP Business Objects Web Intelligence version 420, which stems from the lack of effective filtering and escapin...

The vulnerability of the Microsoft .NET Framework software lies in the improper limitation of XML references to external objects, which allows attackers to access confidential information.

The vulnerability of the Microsoft .NET Framework software platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

The vulnerability of SAP BusinessObjects Web Intelligence, a web platform for analytics and reporting, relates to the lack of protective measures for the website structure. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the SAP BusinessObjects Web Intelligence web platform relates to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by clicking on a specially created malicious...

Cross Site Scripting

concrete5 is vulnerable to Cross Site Scripting XSS. The attacker is able to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

Cross Site Scripting (XSS)

ConcreteCMS is vulnerable to Cross Site Scripting. The vulnerability is due to injecting a crafted script into the Forms of the Data objects. The attacker can exploit this vulnerability by injection malicious JavaScript on client side...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP Netweaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...

SAP Business Objects Web Intelligence 跨站脚本漏洞

SAP Business Objects Web Intelligence is a centralized suite from SAP, Germany. It is used for data reporting, visualization, and sharing. A cross-site scripting vulnerability exists in SAP Business Objects Web Intelligence version 420, which stems from the lack of effective filtering and escapin...

ConcreteCMS Cross-site Scripting vulnerability

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

ConcreteCMS Cross-site Scripting vulnerability

A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

GHSA-6XX7-R8X4-FPJP ConcreteCMS Cross-site Scripting vulnerability

A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

GHSA-P4JJ-GWPG-9JWH ConcreteCMS Cross-site Scripting vulnerability

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

CVE-2023-44761

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

CVE-2023-44761

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...

CVE-2023-44765

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...