
2611 matches found

CNNVD
added 2025/04/23 12:0 a.m., 3 views

Sourceforge Xfig Code Issue Vulnerability

Sourceforge Xfig is an open source charting tool from Sourceforge. A code issue vulnerability exists in Sourceforge Xfig that stems from a segmentation error when running fig2dev, allowing an attacker to perform local input operations via the readarcobject function...

5.5 CVSS, 4.7 AI score, 0.00101 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/04/23 12:0 a.m., 1 view

Sourceforge Xfig Code Issue Vulnerability

Sourceforge Xfig is an open source charting tool from Sourceforge. A code issue vulnerability exists in Sourceforge Xfig that stems from a stack overflow that occurs when running fig2dev, resulting in memory corruption...

7.8 CVSS, 5.1 AI score, 0.0007 EPSS
Exploits: 1, References: 6

The Hacker News
added 2025/04/08 4:7 p.m., 12 views

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the mai...

7.5 AI score
Exploits: 0

Securelist
added 2025/04/08 10:0 a.m., 7 views

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Recently, we noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. One such project, officepackage, on the ma...

7.9 AI score
Exploits: 0

CNNVD
added 2024/10/28 12:0 a.m., 0 views

Sourceforge MRBS Security Vulnerability

Sourceforge MRBS is a Sourceforge open source online meeting room management system. A security vulnerability exists in Sourceforge MRBS version 1.5.0, which originates from a SQL injection vulnerability in the editentryhandler.php file...

9.8 CVSS, 7.9 AI score, 0.00132 EPSS
Exploits: 0, References: 2

Packet Storm
added 2024/10/08 12:0 a.m., 313 views

PHP-Nuke Top Module SQL Injection

Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...

7.4 AI score
Exploits: 0

NVD
added 2024/07/02 2:15 p.m., 25 views

CVE-2024-36404

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8 CVSS, 0.90747 EPSS
Exploits: 1, References: 16

CVE
added 2024/07/02 1:39 p.m., 103 views

CVE-2024-36404

GeoTools CVE-2024-36404: RCE in evaluating user-supplied XPath expressions affects prior releases; fixes are in 31.2, 30.4, and 29.6. Workarounds include running with reduced functionality by removing the gt-complex jar, which may break application schema queries. A drop-in replacement jar is ava...

9.8 CVSS, 9.7 AI score, 0.90747 EPSS
Exploits: 1, References: 16

Cvelist
added 2024/07/02 1:39 p.m., 39 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8 CVSS, 0.90747 EPSS
Exploits: 1, References: 16

Vulnrichment
added 2024/07/02 1:39 p.m., 27 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8 CVSS, 7.5 AI score, 0.90747 EPSS
Exploits: 1, References: 16

OSV
added 2024/07/02 1:39 p.m., 30 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8 CVSS, 7 AI score, 0.90747 EPSS
Exploits: 1, References: 18

CNNVD
added 2024/04/25 12:0 a.m., 1 view

Grassroot DICOM Buffer Error Vulnerability

Grassroot DICOM is a Sourceforge open source C++ library for DICOM medical files. A buffer error vulnerability exists in Grassroot DICOM version 3.0.23, which stems from the presence of an out-of-bounds read vulnerability, which can be caused by specially crafted DICOM files...

6.5 CVSS, 7 AI score, 0.00079 EPSS
Exploits: 1, References: 7

Packet Storm
added 2024/04/15 12:0 a.m., 313 views

OpenClinic GA 5.247.01 Path Traversal

Exploit Title: OpenClinic GA 5.247.01 - Path Traversal Authenticated Date: 2023-08-14 Exploit Author: V. B. Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11...

7.4 AI score, 0.19755 EPSS
Exploits: 4

UbuntuCve
added 2024/03/27 5:15 a.m., 18 views

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

4.2 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits: 0, References: 2

CNNVD
added 2024/02/27 12:0 a.m., 1 view

Srelay Security Vulnerabilities

Srelay is an open source SOCKS proxy and relay from Sourceforge. A security vulnerability exists in Srelay version v.0.4.8p3. An attacker exploited the vulnerability to trigger a denial of service condition and interrupt service via a specially crafted network payload...

7.5 CVSS, 6.6 AI score, 0.00127 EPSS
Exploits: 1, References: 3

0day.today
added 2024/02/19 12:0 a.m., 311 views

XAMPP - Buffer Overflow Exploit

Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517...

7 AI score
Exploits: 4

CNNVD
added 2023/11/30 12:0 a.m., 1 view

Voovi SQL Injection Vulnerability

Voovi is an open source social networking script from Sourceforge. Voovi version 1.0 has a SQL injection vulnerability, which stems from a SQL injection vulnerability in editprofile.php...

9.8 CVSS, 8.1 AI score, 0.00199 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/11/30 12:0 a.m., 1 view

Voovi SQL Injection Vulnerability

Voovi is an open source social networking script from Sourceforge. Voovi version 1.0 has a SQL injection vulnerability, which stems from a SQL injection vulnerability in home.php...

9.8 CVSS, 8.1 AI score, 0.0016 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/11/30 12:0 a.m., 1 view

Voovi SQL Injection Vulnerability

Voovi is an open source social networking script from Sourceforge. Voovi version 1.0 has a SQL injection vulnerability, which stems from a SQL injection vulnerability in perfil.php...

9.8 CVSS, 8.1 AI score, 0.00199 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/11/30 12:0 a.m., 1 view

Voovi Cross-Site Scripting Vulnerability

Voovi is an open source social networking script from Sourceforge. A cross-site scripting vulnerability exists in Voovi version 1.0, which stems from a cross-site scripting vulnerability in signup2.php...

6.5 CVSS, 6.2 AI score, 0.00277 EPSS
Exploits: 0, References: 1