EUVD-2026-14905

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

Cross site scripting

JIZHICMS 1.5.1 contains a cross-site scripting XSS vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie...

Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-07319)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox. When using flex-basis on a table wrapper, StyleGenericFlexBasis objects may be incorrectly converted to the wrong type. This would result in a heap...

CVE-2019-15354

The CVE-2019-15354 entry concerns the Ulefone Armor 5 Android device. A pre-installed app (package com.mediatek.wfo.impl, v8.1.0) exposes an interface that allows any co-located app to modify a system property without proper authorization. This constitutes a local-impact, integrity-related vulner...

Advantech EKI-6340 2.05 Command Injection Vulnerability

Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non privileged user against a vulnerable CGI file. Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-63...

Advantech AdamView Buffer Overflow

Advisory ID Internal CORE-2014-0008 1. Advisory Information Title: Advantech AdamView Buffer Overflow Advisory ID: CORE-2014-0008 Advisory URL:http://www.coresecurity.com/advisories/advantech-adamview-buffer-overflow Date published: 2014-11-19 Date of last update: 2014-11-19 Vendors contacted:...

Luxology Modo 401 .LXO Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Luxology Modo 401 .LXO Integer Overflow 1. Advisory Information Title: Luxology Modo 401 .LXO Integer Overflow Advisory Id: CORE-2009-0913 Advisory URL:...

Autodesk SoftImage Scene TOC Arbitrary Command Execution

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary...

Autodesk Maya Script - Nodes Arbitrary Command Execution

Autodesk Maya Script - Nodes Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk Maya Script Nodes Arbitrary Command Execution 1. Advisory Information Title: Autodesk Maya Script...

Core Security Technologies Advisory 2009.0908

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...

Blender 2.34 2.35a 2.4 2.49b .blend File Command Injection

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrary Command Executio...

Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrary Command Execution Advisory Id: CORE-2009-0912...

[Full-disclosure] CORE-2009-0519 - Awingsoft Awakening Winds3D Viewer remote command execution vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Awingsoft Awakening Winds3D Viewer remote command execution vulnerability 1. Advisory Information Title: Awingsoft Awakening Winds3D Viewer remote command execution...

[CORE-2003-12-05] DCE RPC Vulnerabilities New Attack Vectors Analysis

Core Security Technologies Advisory http://www.coresecurity.com DCE RPC Vulnerabilities New Attack Vectors Analysis Date Published: 2003-12-10 Last Update: 2003-12-10 Advisory ID: CORE-2003-12-05 Title: DCE RPC Vulnerabilities New Attack Vectors Analysis Remotely Exploitable: Yes Locally...