32 matches found
SUSE CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
NASL Plugin Signature Checks Disabled
This scan was executed with signature checking for Nessus plugins disabled by a scan setting. This permits plugins to run which have not been vetted by Tenable. Unless you have an extremely good reason for enabling this setting, it is recommended that you disable that setting. %NASLMINLEVEL 80900...
WeCube Cross-Site Scripting Vulnerability
WeCube is a set of open-source, one-stop IT architecture management and operation and maintenance management tools. It is used to simplify distributed-architecture IT management and can be extended through plug-ins. A security vulnerability exists in WeCube Platform version 3.2.2, which stems...
CVE-2021-3243
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system through its plugin-running function...
WFilter ICF Cross-Site Scripting Vulnerability
WFilter ICF is a WFilter open source application that provides a Web-based content management system. WFilter ICF version 5.0.117 contains a cross-site scripting vulnerability that can be exploited by an attacker, who can take over the system through its ability to run plug-ins...
CVE-2020-15593
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...
What’s new in Nessus 8
Today Tenable released a new version of their famous vulnerability scanner - Nessus 8. The existing scanner nodes don't see the updates yet, but the installation binaries are already available. So you may try to install it. This major release will be way more positive than the previous one. Of...
CVE-2016-9008
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent...
Apache Cordova vulnerable to arbitrary plugin execution
Overview: Apache Cordova contains a vulnerability where arbitrary plugins may be executed. Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where...
JVN#41772178: Apache Cordova vulnerable to arbitrary plugin execution
Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where arbitrary plugins may be executed. Impact: Accessing a specially crafted URL may result in...
CVE-2015-5208
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link...
AWStats 6.4 - Denial of Service
AWStats 6.4 - Denial of Service !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...