23 matches found
CVE-2025-71354
picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...
CVE-2025-71354
Summary: CVE-2025-71354 affects the Python package picklescan (prior to 0.0.29) via the idlelib.debugobj.ObjectTreeItem.SetText reduce path, allowing crafted pickle payloads to bypass detection and cause arbitrary code execution when pickle.load() is used. Affected software: picklescan (versions ...
EUVD-2025-210327
picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...
EUVD-2007-4564
Malware in sbrugna...
EUVD-2021-12773
Malware in sbrugna...
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
Summary: Uses idlelib.debugobj.ObjectTreeItem.SetText, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the idlelib.debugobj.ObjectTreeItem.SetText function in...
CVE-2021-25893
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/...
postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected...
PostgreSQL JDBC Driver Security Vulnerability
PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol. An information disclosure vulnerability exists in PostgreSQL JDBC Driver. The vulnerability stems from the fact that a preprocessing statement using...
CVE-2021-25893
Magnolia CMS versions 6.1.3–6.2.3 contain a stored XSS vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/; the issue affects the Magnolia CMS core in these versions. The available sources consistently describe a stored XSS vector with no public exploit details provided in the do...
Magnolia CMS Cross-Site Scripting Vulnerability
Magnolia is a Java-based open source content management system (CMS). A stored cross-site scripting vulnerability exists in the setText parameter of /magnoliaAuthor/.magnolia/ in Magnolia versions 6.1.3 - 6.2.3. No details of the vulnerability are provided at this time...
NVR SP2 2.0 (nvUnifiedControl.dll 1.1.45.0) - SetText() Remote Exploit
No description provided by source. PoC2 NVR SP2 2.0 nvUnifiedControl.AUnifiedControl.1 nvUnifiedControl.dll v. 1.1.45.0 SetText Remote BoF Heap Spray Technique url: http://www.acti.com/index.asp author:...
NVR SP2 2.0 (nvUnifiedControl.dll v. 1.1.45.0) SetText() Remote Exploit
No description provided by source. PoC2 NVR SP2 2.0 nvUnifiedControl.AUnifiedControl.1 nvUnifiedControl.dll v. 1.1.45.0 "SetText" Remote BoF Heap Spray Technique url: http://www.acti.com/index.asp author:...
CVE-2007-4582
CVE-2007-4582 describes a buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control (nvUnifiedControl.dll 1.1.45.0) used by ACTi Network Video Recorder (NVR) SP2 2.0. An attacker can trigger the overflow by passing a long second argument to the SetText method, enabling remote code...
NVR SP2 2.0 (nvUnifiedControl.dll v. 1.1.45.0) SetText() Remote BoF
No description provided by source. NVR SP2 2.0 nvUnifiedControl.AUnifiedControl.1 nvUnifiedControl.dll v. 1.1.45.0 "SetText" Remote BoF url: http://www.acti.com/index.asp author: shinnai mail:...
NVR SP2 2.0 (nvUnifiedControl.dll v. 1.1.45.0) SetText() Remote Exploit
No description provided by source. PoC2 NVR SP2 2.0 nvUnifiedControl.AUnifiedControl.1 nvUnifiedControl.dll v. 1.1.45.0 "SetText" Remote BoF Heap Spray Technique url: http://www.acti.com/index.asp author:...