22 matches found
CVE-2025-12829
An uninitialized stack read in Amazon Ion-C versions
CVE-2024-25292
CVE-2024-25292 : RenderTune v1.1.4 is affected by a cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary scripts via the Upload Title parameter. Public details include a PoC/exploit repo illustrating the XSS path and potential RCE implications in related examples. ...
CVE-2023-24760
CVE-2023-24760 affects Ofcms v1.1.4, allowing a remote attacker to escalate privileges via the respwd method in SysUserController. Affected component is Ofcms (web CMS); root cause described as improper access control in respwd. The NVD entry reports CVSSv3.1 base score 8.8 (Network, Low complexi...
CVE-2022-29653
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json...
CVE-2022-29653
OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the /admin/comn/service/update.json component. The root cause is lack of data validation/filtering on user-supplied data and output data, allowing injected JavaScript code to be executed in the context of the affected application...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information...
CVE-2022-27961
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
CVE-2022-27961
CVE-2022-27961 : OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the Comment text box at /ofcms/company-c-47. The issue arises from crafted payloads that allow execution of arbitrary web scripts/HTML. CVSS data in sources indicates a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/U...
CVE-2022-27960
CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...
GHSA-8V99-48M9-C8PM Incorrect Authorization in imgcrypt
Imgcrypt implements a function CheckAuthorization that is supposed to check whether a user is authorized to access an encrypted image, given the keys the user has provided on the command line that would enable decryption of the image. The check is meant to prevent a user from starting a container...
Code injection
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...
CVE-2021-39182
CVE-2021-39182 affects EnroCrypt, a Python module for encryption and hashing. Before v1.1.4, it used MD5 in hashing.py, an insecure hash algorithm. The root cause is the use of MD5 in the hashing file, and the vulnerability is patched in v1.1.4. A workaround described is removing the MD5 hashing ...
GHSA-76WF-2XCF-6WMX Malicious Package in ngx-pica
Version 1.1.5 of ngx-pica contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= . Recommendation: Remove the package from your environment and evaluate your...
CVE-2018-14685
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php...
GR Blog 1.1.4 (Upload/Bypass) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. GR Blog 1.1.4 Upload/Bypass Multiple Remote Vulnerabilities // TEST ON VERSION GR Blog v1.1.4, in my localhost // +...
GR Blog 1.1.4 (Upload/Bypass) Multiple Remote Vulnerabilities
No description provided by source. GR Blog v1.1.4 Upload/Bypass Multiple Remote Vulnerabilities. Author: Jose Luis Gongora Fernandez a.k.a. JosS, sys-projectathotmail.com. Web: http://hack0wn.com/ // TEST ON VERSION GR Blog v1.1.4, in my localhost. Download :...