36 matches found
EUVD-2024-38293
Malicious code in bioql PyPI...
EUVD-2022-52933
Malicious code in bioql PyPI...
EUVD-2022-3926
Malicious code in bioql PyPI...
CVE-2021-26702
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/datasetdictionary URI...
CVE-2004-1795
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI...
CVE-2023-27986
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90...
CVE-2023-22630
IzyBat Orange casiers before 202211021 allows SQL Injection via a getCasier.php?taille= URI...
Code Injection
The fromstring function is prone to Server Side Template Injection SSTI where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI...
LG SuperSign CMS File Upload Vulnerability
LG SuperSign CMS is a content management system for LG webOS from the Luckin LG Group in Korea. The system supports connection to external databases and allows access to the server from mobile devices. A file upload vulnerability exists in LG SuperSign CMS, which can be exploited by an attacker...
CVE-2016-1954
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...
Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service
source: https://www.securityfocus.com/bid/38395/info Kojoney is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to gain unauthorized access to local files and crash the affected application, resulting in a denial-of-service condition. Versions prior to...
Joomla! Component CB Resume Builder - group_id SQL Injection
Joomla! Component CB Resume Builder - groupid SQL Injection source: https://www.securityfocus.com/bid/36598/info The CB Resume Builder 'comcbresumebuilder' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it...
White Album 2.5 - 'Pictures.php' SQL Injection
source: https://www.securityfocus.com/bid/16247/info White Album is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
Microsoft Windows XP - HCP URI Buffer Overflow
Microsoft Windows XP - HCP URI Buffer Overflow source: https://www.securityfocus.com/bid/6802/info A buffer overrun vulnerability was reported for helpctr.exe. The vulnerability exists due to insufficient bounds checking on input supplied via the HCP URI parameter. An attacker can exploit this...
Microsoft Windows XP - HCP URI Buffer Overflow
source: https://www.securityfocus.com/bid/6802/info A buffer overrun vulnerability was reported for helpctr.exe. The vulnerability exists due to insufficient bounds checking on input supplied via the HCP URI parameter. An attacker can exploit this vulnerability by making a HCP request with an...
SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
There are known bugs in Netscape which require information on user's files location. This bug is not serious one, but it allows to get this location. Topic : Netscape 4.7x user information retrival Author : 3APA3A [email protected] Affected software : Netscape 4.7x All Platforms Vendor :...