CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

EUVD-2025-29369

Malicious code in bioql PyPI...

EUVD-2022-43190

Malicious code in bioql PyPI...

GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace

!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...

DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace

!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...

SUSE CVE-2007-1886

Integer overflow in the strreplace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...

PT-2022-24430 · WordPress · Find/Replace All

Name of the Vulnerable Software and Affected Versions: Find and Replace All WordPress plugin versions prior to 1.3 Description: The issue is related to the lack of a CSRF check when replacing strings, which could allow attackers to make a logged admin replace arbitrary strings in database tables...

SUSE-SU-2021:0906-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: cobbler: - Fix string replacement for @@xyz@@ - Better performing string replacements grafana-formula: - Set supported to false for unsupported systems bsc1182001 - Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions mgr-libmod: - Fix 'listmodules'...

Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques

This blog was authored by Danny Adamitis, David Maynor, and Kendall McKay Executive summary Cisco Talos assesses with moderate confidence that a campaign we recently discovered called "BlackWater" is associated with suspected persistent threat actor MuddyWater. Newly associated samples from April...

PHP php_str_replace_in_subject function arbitrary code execution vulnerability

PHP is a general-purpose scripting language that can be embedded in HTML. A security vulnerability exists in the function phpstrreplaceinsubject in PHP ext/standard/string.c. By submitting a specially crafted strireplace function parameter, a remote attacker can execute arbitrary code...

LoadedCommerce7 - Systemic Query Factory Vulnerability

No description provided by source. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor...

Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Mozilla...

mozilla security update

CentOS Errata and Security Advisory CESA-2005:384 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2005-April/073779.html https://lists.centos.org/pipermail/centos-announce/2005-April/073780.html...

Javascript "lambda" replace exposes memory contents — Mozilla

A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to a server without user interaction or knowledge...