OPENSUSE-SU-2023:0345-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Update to version 1.6.4 boo1216429: CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG in HTML messages Fix PHP8 warnings Fix default 'mime.types' path on Windows Managesieve: Fix javascript error when relational or...
GHSA-VVXF-R4VM-2VM6 Reflected XSS in querystring parameters
An attacker could inject an XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request. To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload. This will only affect projects...
PT-2022-24417 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11 and earlier Description: The issue allows an attacker to inject an XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a "/dev/build" or "/Security/login" request. ...
GHSA-FM35-JGG3-3GRX NaN/INF in serverbound movement packets can crash clients and servers
Impact A malicious client may send a MovePlayerPacket to the server whose position or rotation contains NaN or INF. Since neither the server nor vanilla client handles this properly, a number of interesting side effects come into play. - The server may crash in various ways if this exploit is use...
NaN/INF in serverbound movement packets can crash clients and servers
Impact A malicious client may send a MovePlayerPacket to the server whose position or rotation contains NaN or INF. Since neither the server nor vanilla client handles this properly, a number of interesting side effects come into play. - The server may crash in various ways if this exploit is use...
openSUSE Security Update : roundcubemail (openSUSE-2016-996)
This update for roundcubemail fixes the following vulnerabilities: - CVE-2015-8864: XSS issue in SVG images handling boo976988 - CVE-2015-2181: issue in DBMail driver of password plugin Roundcubemail was also updated to 1.0.9, fixing the following bugs: - Fix a regression where some contact dat...
CVE-2006-6257
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message...
Pinnacle ShowCenter Skin Denial of Service
Dear ladies and gentlemen, I am a proud user of the Pinnacle ShowCenter 1.51. When I was playing around with the system, it seems I have found a denial of service attack against the web interface. First, I manually did an HTTP GET request that selects a non-existent skin:...