
16 matches found

Vulnrichment
added 2024/11/27 9:31 p.m. | 11 views

CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

CVSS 8.6 | AI score 8.6 | EPSS 0.00076
Exploits: 0 | References: 2
OSV
added 2023/02/24 6:48 p.m. | 41 views

GHSA-F598-MFPV-GMFX Sequelize - Default support for “raw attributes” when using parentheses

Impact: Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL. ts: User.findAll({ attributes: [['count(id)', 'count']] }); Produced SQL: SELECT count(id) AS "count" FROM "users". Patches: This feature was deprecated i...

CVSS 10 | AI score 9.3 | EPSS 0.00179
Exploits: 0 | References: 9
Prion
added 2018/07/24 7:29 p.m. | 10 views

Design/Logic Flaw

Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content...

CVSS 4 | AI score 6.3 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2018/07/24 7:29 p.m. | 13 views

CVE-2018-11044

Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content...

CVSS 6.5 | AI score 6.4 | EPSS 0.00232
Exploits: 0 | References: 1
Microsoft CVE
added 2018/06/12 7:00 a.m. | 25 views

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attac...

CVSS 4.3 | AI score 0.7 | EPSS 0.11388
Exploits: 0
Microsoft CVE
added 2018/01/03 8:00 a.m. | 25 views

Microsoft Edge PDF Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

CVSS 4.3 | AI score 1.3 | EPSS 0.12825
Exploits: 0
Microsoft CVE
added 2017/11/14 8:00 a.m. | 35 views

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a...

CVSS 4.3 | AI score 1.5 | EPSS 0.12825
Exploits: 0
Microsoft CVE
added 2017/10/10 7:00 a.m. | 28 views

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an...

CVSS 4.3 | AI score 1.3 | EPSS 0.12825
Exploits: 0
Microsoft CVE
added 2017/09/12 7:00 a.m. | 27 views

Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an...

CVSS 4.3 | AI score 1 | EPSS 0.14757
Exploits: 0
Microsoft CVE
added 2017/08/08 7:00 a.m. | 31 views

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attac...

CVSS 4.3 | AI score 0.7 | EPSS 0.44396
Exploits: 3
Microsoft CVE
added 2017/08/08 7:00 a.m. | 30 views

Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an...

CVSS 4.3 | AI score 1 | EPSS 0.14559
Exploits: 2
Microsoft CVE
added 2016/12/13 8:00 a.m. | 23 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

CVSS 5.3 | AI score 1.9 | EPSS 0.20202
Exploits: 1
Microsoft CVE
added 2016/09/13 7:00 a.m. | 36 views

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings. This could allow for the loading of unsecure content (HTTP) from secure locations (HTTPS). In a web-based attack scenario, an attacker could host a malicious website that is designed ...

CVSS 8.3 | AI score 0.5 | EPSS 0.11259
Exploits: 1
Microsoft CVE
added 2016/08/09 7:00 a.m. | 28 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

CVSS 5.3 | AI score 1.9 | EPSS 0.32707
Exploits: 0
Microsoft CVE
added 2016/06/14 7:00 a.m. | 31 views

Internet Explorer XSS Filter Vulnerability

A remote code execution vulnerability exists when the Internet Explorer XSS Filter does not properly validate JavaScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user). In a...

CVSS 6.1 | AI score 2.1 | EPSS 0.22386
Exploits: 0
Drupal
added 2010/07/21 12:00 a.m. | 14 views

SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting

The Tagging module provides an alternative input widget and other features for taxonomy terms. The module does not properly escape user-provided content submitted to free-tagging vocabularies displayed on node previews, leading to a Cross Site Scripting (XSS) vulnerability. Any user with permission...

AI score 6.3
Exploits: 0 | References: 8