
35 matches found

Packet Storm News
added 2026/04/10 12:0 a.m., 2 views

DSpace 7.x / 8.x XMLUI Data Extraction

This Python script sends an HTTP request to a DSpace XMLUI "discover" endpoint using specific query parameters and session cookies. It attempts to retrieve up to 100 records in XML format and saves the response locally as a raw XML dump file. After downloading the data, it performs a basic text...

AI score: 5.7
Exploits: 0

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 4 : gnupg2-2.0.14-9.AXS4 (AXSA:2018-3257:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3257:01 advisory. gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) Tenable has...

CVSS: 7.5, AI score: 7.2, EPSS: 0.08654
Exploits: 0, References: 2

Positive Technologies
added 2026/01/14 12:0 a.m., 7 views

PT-2026-2946

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...

CVSS: 4.8, AI score: 5.7, EPSS: 0.00194
Exploits: 1, References: 4

CVE
added 2025/12/09 12:0 a.m., 9 views

CVE-2025-65572

AllskyTeam AllSky v2024.12.06_06 is affected by a Cross Site Scripting (XSS) flaw in the allskySettings.php handler. The vulnerability arises from parameters (config, filename, extratext) that are processed by showMessages() in status_messages.php, allowing injected scripts to be printed and exec...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00344
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-3163

Malware in sbrugna...

CVSS: 5.4, AI score: 7.3, EPSS: 0.01217
Exploits: 1, References: 8

Github Security Blog
added 2024/12/10 12:31 a.m., 16 views

Drupal Core Cross-Site Scripting (XSS)

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8...

CVSS: 5.4, AI score: 7, EPSS: 0.00321
Exploits: 0, References: 4, Affected Software: 3

OSV
added 2024/12/10 12:31 a.m., 6 views

GHSA-8MVQ-8H2V-J9VF Drupal Core Cross-Site Scripting (XSS)

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00321
Exploits: 0, References: 4

Tenable Nessus
added 2024/11/26 12:0 a.m., 29 views

Drupal 11.0.x < 11.0.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. - Drupal core...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00956
Exploits: 0, References: 11

OSV
added 2024/11/20 5:20 p.m., 1 views

DRUPAL-CORE-2024-003

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00321
Exploits: 0, References: 1

Drupal
added 2024/11/20 12:0 a.m., 18 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized...

CVSS: 5.4, AI score: 6.6, EPSS: 0.00321
Exploits: 0, References: 14

CNVD
added 2023/10/13 12:0 a.m., 28 views

Microsoft Skype for Business Remote Code Execution Vulnerability (CNVD-2023-92200)

Microsoft Skype for Business Server is a secure and unified communications platform from Microsoft that provides instant messaging (IM), audio and video calling, online conferencing, online status messages, and sharing capabilities. A remote code execution vulnerability exists in Microsoft Skype fo...

CVSS: 7.2, AI score: 8.1, EPSS: 0.02428
Exploits: 0, References: 1

CNVD
added 2023/10/13 12:0 a.m., 33 views

Microsoft Skype for Business Remote Code Execution Vulnerability

Microsoft Skype for Business Server is a secure and unified communications platform from Microsoft that provides instant messaging (IM), audio and video calling, online conferencing, online status messages, and sharing capabilities. A remote code execution vulnerability exists in Microsoft Skype fo...

CVSS: 7.2, AI score: 8.1, EPSS: 0.02458
Exploits: 0, References: 1

SUSE CVE
added 2023/02/15 4:35 a.m., 2 views

SUSE CVE-2017-18635

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name...

CVSS: 6.1, AI score: 5.5, EPSS: 0.0481
Exploits: 1, References: 3

BDU FSTEC
added 2019/12/13 12:0 a.m., 3 views

The vulnerability of the imap/command.c file in Mutt and NeoMutt clients arises from errors in handling the character size of IMAP status messages. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the imap/command.c file in Mutt and NeoMutt lies in errors in handling the character size of IMAP status messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 10, AI score: 7.9, EPSS: 0.03166
Exploits: 0, References: 6, Affected Software: 3

Tenable Nessus
added 2019/07/24 12:0 a.m., 259 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)

OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) libpng: png_image_free in png.c in libpng has a use-after-free because png_image_free_function...

CVSS: 5.8, AI score: 7.3, EPSS: 0.09393
Exploits: 3, References: 10

Tenable Nessus
added 2019/07/23 12:0 a.m., 36 views

RHEL 7 : java-11-openjdk (RHSA-2019:1810)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1810 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS: 5.8, AI score: 6.8, EPSS: 0.04472
Exploits: 0, References: 17

OSV
added 2018/11/19 10:3 p.m., 0 views

USN-3816-2 systemd vulnerability

USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unit_deserialize incorrectly handled status messages above ...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00532
Exploits: 1, References: 2

Tenable Nessus
added 2018/07/17 12:0 a.m., 26 views

Scientific Linux Security Update : gnupg2 on SL7.x x86_64 (20180712)

Security Fixes : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include("compat.inc"); if (description) { script_id(111113);...

CVSS: 7.5, AI score: 6.9, EPSS: 0.08654
Exploits: 0, References: 2

OpenVAS
added 2018/07/14 12:0 a.m., 32 views

CentOS Update for gnupg2 CESA-2018:2180 centos6

Check the version of gnupg2 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882922");...

CVSS: 7.5, AI score: 8.1, EPSS: 0.08654
Exploits: 0, References: 2

Tenable Nessus
added 2018/07/13 12:0 a.m., 29 views

Scientific Linux Security Update : gnupg2 on SL6.x i386/x86_64 (20180712)

Security Fixes : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include("compat.inc"); if (description) { script_id(111050);...

CVSS: 7.5, AI score: 6.9, EPSS: 0.08654
Exploits: 0, References: 2