Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...

SUSE CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

XSS in Schedule tab of Documents

Description pimcore is vulnerable to XSS at Time field in Schedule tab of Document. Payload " Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In Documents, go to home - click on Schedule icon to go to this tab. 3.In the Schedule tab, input the payload " into the Time field a...

SUSE CVE-2013-4168

Cross-site scripting XSS vulnerability in SmokePing 2.6.9 in the start and end time fields...

UBUNTU-CVE-2013-4168

Cross-site scripting XSS vulnerability in SmokePing 2.6.9 in the start and end time fields...

CVE-2018-17653

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-25203)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the processing of the getItemState method of TimeField in Foxit Reader 9.2.0.9297 and...

CVE-2018-15504

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11...

UBUNTU-CVE-2015-1789

The X509cmptime function in crypto/x509/x509vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted length field in ASN1TIME data, as demonstrated...

i.FTP 2.21 - Time Field SEH Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title : i.FTP 2.21 Time Field SEH Exploit Exploit Author : Revin Hadi S Vulnerability PoC : Avinash Kumar Thapa "-Acid" Date : 05/08/2015 Vendor : http://www.memecode.com/iftp.php Software Link :...

i.FTP 2.21 - Time Field (SEH)

i.FTP 2.21 - Time Field SEH !/usr/bin/python Exploit Title : i.FTP 2.21 Time Field SEH Exploit Exploit Author : Revin Hadi S Vulnerability PoC : Avinash Kumar Thapa "-Acid" PoC Link : https://www.exploit-db.com/exploits/36847/ Date : 05/08/2015 Vendor : http://www.memecode.com/iftp.php Software...

i.FTP 2.21 - Time Field (SEH)

!/usr/bin/python Exploit Title : i.FTP 2.21 Time Field SEH Exploit Exploit Author : Revin Hadi S Vulnerability PoC : Avinash Kumar Thapa "-Acid" PoC Link : https://www.exploit-db.com/exploits/36847/ Date : 05/08/2015 Vendor : http://www.memecode.com/iftp.php Software Link :...

[SECURITY] Fedora 20 Update: drupal7-date-2.8-1.fc20

This Drupal module contains both a flexible date/time field type and a Date API that other modules can use...

CVE-2005-4190

Multiple cross-site scripting XSS vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by 1 the identity field, 2 Category and 3 Label search fields, 4 the Mobile Phone field, and ...