17 matches found
CVE-2026-9501 GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion
A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has...
CVE-2023-33199
CVE-2023-33199 concerns Rekor: a malformed proposed entry of the intoto/v0.0.2 type can cause a panic in a Rekor thread. The thread is recovered and the process returns a 500 error, with availability impact described as minimal. A fix is available in Rekor v1.2.0, and upgrade is advised. The conn...
CVE-2022-4554
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347...
Cross site scripting
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347...
CVE-2022-4554
The CVE-2022-4554 entry concerns the B2B Customer Ordering System developed by ID Software Project and Consultancy Services. Affected versions are prior to 1.0.0.347 and the vulnerability is an authenticated Reflected XSS vulnerability. The issue is resolved in version 1.0.0.347. Exploitation det...
Jenkins Release Helper Plugin Cross-Site Request Forgery Vulnerability
Jenkins is a Java-based continuous integration tool for monitoring continuous and repetitive work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated. A cross-site request forgery vulnerability exists...
Lead a Cross-Organization Test Automation Project Fearlessly!
Last year, Imperva initiated a cross-organizational software project focused on creating a new management console and I had the privilege to lead its test automation effort. In this blog, I will explain the challenges we faced as technical leaders in executing the project and reveal the solutions...
Updated terminology package fixes security vulnerability CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
Remote code execution
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
Esqlanelapse Software Project <= 2.6.2 Insecure Cookie Handling Vuln
No description provided by source. Esqlanelapse Software Project version: 2.6.1 & 2.6.2 Insecure Cookie Handling Vulnerability download: http://sourceforge.net/project/showfiles.php?groupid=118575&packageid=129141&releaseid=519061 ----------------------------------------------------------...
Blender 2.342.35a2.42.49b - .blend Command Injection
Blender 2.342.35a2.42.49b - .blend Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrar...
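Bugzilla attachment.cgi Cross-Site Request Forgery Vulnerability
BUGTRAQ ID: 34308 CVECAN ID: CVE-2009-1213 Bugzilla is a web-based bug tracking system used by many software projects. Bugzilla allows users to perform certain operations through HTTP requests, but does not check the validity of those requests. If a logged-in user is tricked into visiting a malicious web page, an attachment may be submitted through attachment.cgi. Mozilla Bugzilla 3.3.3 Mozilla Bugzilla 3.2.2 Mozilla ------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mozilla.org/...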
Esqlanelapse Software Project <= 2.6.2 Insecure Cookie Handling Vuln
No description provided by source. Esqlanelapse Software Project version: 2.6.1 & 2.6.2 Insecure Cookie Handling Vulnerability download: http://sourceforge.net/project/showfiles.php?groupid=118575&packageid=129141&releaseid=519061 ----------------------------------------------------------...
esqlanelapse-cookie.txt
Esqlanelapse Software Project version: 2.6.1 & 2.6.2 Insecure Cookie Handling Vulnerability download: http://sourceforge.net/project/showfiles.php?groupid=118575&packageid=129141&releaseid=519061 ---------------------------------------------------------- Discovered By: ZoRLu Date: 26.09.2008 Home...
Esqlanelapse Software Project <= 2.6.2 Insecure Cookie Handling Vuln
Exploit for unknown platform in category web applications ==================================================================== Esqlanelapse Software Project <= 2.6.2 Insecure Cookie Handling Vuln ==================================================================== Esqlanelapse Software Project...
[SECURITY] Fedora 9 Update: trac-0.10.5-1.fc9
Trac is an integrated system for managing software projects, an enhanced wiki, a flexible web-based issue tracker, and an interface to the Subversion revision control system. At the core of Trac lies an integrated wiki and issue/bug database. Using wiki markup, all objects managed by Trac can...