Arelle 访问控制错误漏洞

Arelle is an open-source XBRL platform developed by Arelle Open Source. It supports data validation and integration. Versions of Arelle prior to 2.39.10 contained a security vulnerability related to access control. This vulnerability stemmed from the /rest/configure REST endpoint accepting plugin...

EUVD-2005-0363

Malware in sbrugna...

EUVD-2010-0752

Malware in sbrugna...

PT-2025-1756 · WordPress · Resads

Name of the Vulnerable Software and Affected Versions: ResAds plugin for WordPress versions up to, and including, 2.0.6 Description: The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters due to insufficient input sanitization and output escaping...

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

Stagtools < 2.3.8 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

SUSE CVE-2010-1214

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...

SUSE CVE-2010-2755

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...

Novell iPrint Client 'Plugin' Parameter Code Execution Vulnerability - Windows

Novell iPrint Client is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Novell iPrint Client < 5.42 Multiple Flaws

Novell iPrint Client version older than 5.42 is installed on the remote host. Such versions are reportedly affected by multiple vulnerabilities : - Due to a flaw in nipplib.dll module, it may be possible for a remote attacker to delete arbitrary files from the remote system via the...

Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handling plugin parameters. The application...

Firefox 3.6 < 3.6.7 Multiple Vulnerabilities

The installed version of Firefox 3.6.x is earlier than 3.6.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-34 - An error in DOM attribute...

Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...

Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...

Mozilla Firefox 3.5.x < 3.5.11 Multiple Vulnerabilities

Binary data 5606.prm...

Firefox 3.6.x < 3.6.7 Multiple Vulnerabilities

Binary data 800780.prm...

SeaMonkey < 2.0.6 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-34 - An error in DOM attribute cloning...

CVE-2010-0726

Cross-site scripting XSS vulnerability in the tb-send.rb TrackBack transmission plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the 1 plugintburl and 2 plugintbexcerpt parameters...

CVE-2005-0435

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog...