CVE-2024-6062
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swfsvgaddisosample of the file src/filters/loadtext.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...
PT-2024-37355 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problematic issue has been found, affecting the isoffin process function of the src/filters/isoffin read.c file in the MP4Box component. This issue leads to an infinite loop. The...
CVE-2022-4969 bwoodsend rockhopper Binary Parser ragged_array.c count_rows buffer overflow
A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local...
CVE-2022-4969
CVE-2022-4969 describes a buffer overflow in the rockhopper Binary Parser’s function count_rows (ragged_array.c). The issue is triggered by manipulating the argument raw and requires local access to exploit. A fix is available in rockhopper v0.2.0, with patch reference 1a15fad5e06ae693eb9b8908363...
CVE-2024-5383
A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-5383 lakernote EasyAdmin upload cross site scripting
A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2014-125111
CVE-2014-125111 affects namithjawahar Wp-Insert up to 2.0.8. The issue enables cross-site scripting via an unknown function, with remote exploitation potential. A fix is available in version 2.0.9; patch name: a07b7b08084b9b85859f3968ce7fde0fd1fcbba3.
CVE-2014-125110 wp-file-upload Plugin wfu_ajaxactions.php wfu_ajax_action_callback cross site scripting
A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched...
CVE-2014-125110
The CVE-2014-125110 entry describes a cross-site scripting vulnerability in the wp-file-upload WordPress plugin (versions up to 2.4.3). The issue affects the function wfu_ajax_action_callback in lib/wfu_ajaxactions.php, enabling remote exploitation. Upgrading to version 2.4.4 mitigates the issue ...
CVE-2015-10131
CVE-2015-10131 affects the chrisy TFO Graphviz Plugin for WordPress (up to version 1.9). The vulnerability targets the admin_page_load/admin_page function in tfo-graphviz-admin.php, enabling cross-site scripting that can be triggered remotely. A fix is available in version 1.10, and the patch is ...
CVE-2024-3081
CVE-2024-3081 affects EasyCorp EasyAdmin up to 4.8.9. The XSS flaw is in the Autocomplete function (assets/js/autocomplete.js) where manipulating the item argument enables cross-site scripting. The issue is exploitable remotely. Upgrading to EasyAdmin 4.8.10 fixes the vulnerability (patch identif...
CVE-2020-36826
A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to...
PT-2024-10836 · Unknown · Cyberaz0R Webrat
Name of the Vulnerable Software and Affected Versions: cyberaz0r WebRAT up to 20191222 Description: A critical issue affects the function download file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The real...
CVE-2024-20017
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00350938; Issue ID: MSV-1132...
CVE-2024-20010
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560...
CVE-2019-25159
A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dniprofe leads to sql injection. Upgrading to version 4.51.0 is able to address this...
Sql injection
A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dniprofe leads to sql injection. Upgrading to version 4.51.0 is able to address this...
PT-2024-10617 · Blockmason · Blockmason Credit-Protocol
Name of the Vulnerable Software and Affected Versions: blockmason credit-protocol affected versions not specified Description: A vulnerability was found in the blockmason credit-protocol, affecting the executeUcacTx function of the contracts/CreditProtocol.sol file in the UCAC Handler component...
CVE-2018-25097 Acumos Design Studio cross site scripting
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of...