91 matches found
CVE-2025-14265
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
EUVD-2000-0113
Malware in sbrugna...
Medium: tigervnc
Issue Overview: A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. CVE-2025-49175 A flaw was found in the Big Requests extension. The reque...
CVE-2024-11045
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
CVE-2024-11045
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
USN-5778-2 xorg-server, xorg-server-hwe-16.04 vulnerabilities
USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these...
USN-5778-1 xorg-server, xorg-server-hwe-18.04, xwayland vulnerabilities
Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges...
xorg-server -- Multiple security issues in X server extensions
The X.org project reports: CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow The swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. Th...
IBM Jazz Team Server 代码问题漏洞
IBM Jazz Team Server is an application server from IBM Corporation in the United States. provides base services that enable a group of tools to work together as a single logical server, and includes any number of Jazz Team Server Extensions that provide tool-specific functionality.A security...
FreeBSD : xorg-server -- Multiple input validation failures in X server extensions (ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335)
The X.org project reports : All theses issuses can lead to local privileges elevation on systems where the X server is running privileged. The handler for the XkbSetNames request does not validate the request length before accessing its contents. An integer underflow exists in the handler for the...
xorg-server -- Multiple input validation failures in X server extensions
The X.org project reports: All theses issuses can lead to local privileges elevation on systems where the X server is running privileged. The handler for the XkbSetNames request does not validate the request length before accessing its contents. An integer underflow exists in the handler for the...
UBUNTU-CVE-2020-11020
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
Microsoft FrontPage Server Extensions Cross Site Scripting (MS06-017: CVE-2006-0015)
A Cross Site Scripting vulnerability exists in Microsoft FrontPage Server Extensions and Microsoft SharePoint Team Services. The vulnerability is caused as a result of the failure of these products to properly validate certain CGI parameters passed to them. This vulnerability allows arbitrary HTM...
Microsoft FrontPage Server Extensions Buffer Overrun (MS03-051: CVE-2003-0822)
A buffer overflow vulnerability exists in Microsoft FrontPage Server Extensions. The vulnerability is caused as a result of a debug functionality in fp30reg.dll. A remote attacker may exploit this issue by executing arbitrary code via a crafted chunked encoded request...
FrontPage 2000,IIS 4.0/5.0 Server Extensions Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1174/info The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to the shtml.exe or shtml.dll...
MS Visual Studio RAD Support Buffer Overflow Vulnerability (metasploit)
No description provided by source. source: http://www.securityfocus.com/bid/2906/info Due to an unchecked buffer in a subcomponent of FrontPage Server Extensions Visual InterDev RAD Remote Deployment Support, a specially crafted request via 'fp30reg.dll' could allow a user to execute arbitrary...
Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
... FrontPage Server Extensions为FrontPage服务扩展,与IIS一起使用可以方便的支持管理、创建以及浏览FrontPage扩展的网站。 ... FrontPage Server Extensions对HTML页面的处理存在输入验证漏洞,远程攻击者可能在客户机器上执行任意脚本代码。 ... FrontPage Server Extensions的fpadmdll.dll中的一些参数没有正确的过滤返回给用户的特定输入,导致跨站脚本问题,可能允许攻击者以当前会话权限以客户机的浏览器中执行恶意脚本代码,利用这个漏洞必须用户交互。...
MS Visual Studio RAD Support Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2906/info Due to an unchecked buffer in a subcomponent of FrontPage Server Extensions Visual InterDev RAD Remote Deployment Support, a specially crafted request via 'fp30reg.dll' could allow a user to execute arbitrary...
Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability (Aug 2000)
Microsoft FrontPage Server Extensions is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...