140 matches found
Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America
The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the...
[SECURITY] [DLA 4024-1] poco security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4024-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 20, 2025 https://wiki.debian.org/LTS -...
DLA-4024-1 poco - security update
Bulletin has no description...
CVE-2025-23689
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 through n/a...
CVE-2025-23689
CVE-2025-23689 describes a Stored XSS in the Blogger Image Import plugin for Blogger Image Import (WordPress). The issue arises from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected version range is from 2.1 to n/a, per the entry. The CVSS b...
OSV-2025-32 UNKNOWN READ in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389754841 Crash type: UNKNOWN READ Crash state: std::1::basicstring, std::1::allocatorch Poco::Net::NTLMCredentials::parseChallengeMessage Poco::Net::HTTPNTLMCredentials::createNTLMMessage...
PT-2025-16152 · Git +1 · Poco
Name of the Vulnerable Software and Affected Versions: Poco versions affected versions not specified Description: The software contains a crash issue related to an unknown read error occurring within the Poco::Net::NTLMCredentials::parseChallengeMessage and...
PT-2025-5024 · Unknown · Poco Blogger Image Import
Name of the Vulnerable Software and Affected Versions: Poco Blogger Image Import versions 2.1 through n/a Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables potential attacke...
UIOMatic 注入漏洞
UIOMatic is a tool by Tim Geyssens personal developer. It automatically generates an integrated crud UI for npoco poco based db tables. An injection vulnerability exists in UIOMatic version 5, which stems from the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r that can lead to S...
OSV-2024-1272 Segv on unknown address in std::__1::ios_base::~ios_base
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371292576 Crash type: Segv on unknown address Crash state: std::1::iosbase::iosbase Poco::Net::MultipartReader::nextPart Poco::Net::MailMessage::readMultipart...
CVE-2024-10412
A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...
CVE-2024-10412
A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...
CVE-2024-10412 Poco-z Guns-Medical File Upload upload cross site scripting
A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...
CVE-2024-10412 Poco-z Guns-Medical File Upload upload cross site scripting
A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...
CVE-2024-10412
Poco-z Guns-Medical 1.0 has a cross-site scripting (XSS) vulnerability in the File Upload component, via the upload function at /mgr/upload. The issue arises from manipulating the picture parameter. A remote attacker could exploit it; exploitation details are not provided in the available documen...
OSV-2024-1218 UNKNOWN READ in Poco::UTF16Encoding::queryConvert
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372765426 Crash type: UNKNOWN READ Crash state: Poco::UTF16Encoding::queryConvert Poco::TextConverter::convert Poco::Net::NTLMCredentials::parseChallengeMessage...
PT-2024-40609 · Poco · Poco
Name of the Vulnerable Software and Affected Versions: Poco affected versions not specified Description: The issue is related to a crash caused by an unknown read. Technical details about the crash include the involvement of Poco::UTF16Encoding::queryConvert, Poco::TextConverter::convert, and...
OSV-2024-1216 Use-of-uninitialized-value in Poco::Net::NTLMCredentials::parseChallengeMessage
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372764172 Crash type: Use-of-uninitialized-value Crash state: Poco::Net::NTLMCredentials::parseChallengeMessage Poco::Net::HTTPNTLMCredentials::createNTLMMessage Poco::Net::HTTPNTLMCredentials::authenticate...
PT-2024-40608 · Poco · Poco
Name of the Vulnerable Software and Affected Versions: Poco affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the Poco::Net::NTLMCredentials::parseChallengeMessage function, which is called by...
OSV-2024-1071 Use-of-uninitialized-value in Poco::Dynamic::Var::~Var
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538385 Crash type: Use-of-uninitialized-value Crash state: Poco::Dynamic::Var::Var void Poco::JSON::Object::doStringifystd::1::mapstd::1::basicstringchar, Poco::JWT::Serializer::serialize...