Lucene search

17 matches found

OSV
added 2026/02/02 6:29 p.m., 3 views

GHSA-PQXR-3G65-P328 jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution

Impact: User control of properties and methods of the AcroForm module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as...

8.1 CVSS, 5.5 AI score, 0.00023 EPSS
Exploits: 1, References: 5

Snyk
added 2025/03/20 12:32 p.m., 3 views

Denial of Service (DoS)

Overview: aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing timeouts in some of the methods. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system...

8.7 CVSS, 7 AI score, 0.00471 EPSS
Exploits: 1, References: 2

OSV
added 2023/02/02 7:26 p.m., 19 views

GHSA-MRQX-MJC4-VFH3 wallabag subject to Improper Authorization via annotations

Impact: The annotations feature lets users add annotations on highlighted parts of an entry. The controller does not validate authorization on PUT and DELETE requests, which lets a logged user modify or delete any annotation using their ID on their endpoints example.org/annotations/id. These...

5.4 CVSS, 4.4 AI score, 0.00163 EPSS
Exploits: 1, References: 5

Veracode
added 2022/01/31 10:29 p.m., 9 views

Prototype Pollution

keyget is vulnerable to prototype pollution. The vulnerability exists in set and push methods of index.js because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes...

9.8 CVSS, 3.3 AI score, 0.02425 EPSS
Exploits: 1, References: 1, Affected Software: 1

Packet Storm
added 2020/09/03 12:00 a.m., 517 views

Hyland OnBase SQL Injection

CVSSv3.1 Score: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Vendor: Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/. Product: Hylan...

Exploits: 0

0day.today
added 2018/12/18 12:00 a.m., 60 views

MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit

Not only the GET method is vulnerable to BOF (CVE-2004-2271). HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length. EAX...

9.8 CVSS, 0.81543 EPSS
Exploits: 11

seebug.org
added 2014/07/01 12:00 a.m., 44 views

Viewpoint Media Player for IE 3.2 - Remote Stack Overflow PoC

No description provided by source. Viewpoint Media Player for IE 3.2 AxMetaStream.dll Remote Stack Overflow url:...

7.1 AI score
Exploits: 0

0day.today
added 2008/07/06 12:00 a.m., 19 views

CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit

Exploit for unknown platform in category remote exploits. CMailServer 5.4.6 CMailCOM.dll Remote SEH Overwrite Exploit. 0 strUID = arrStringi...

7.1 AI score
Exploits: 0

seebug.org
added 2007/11/07 12:00 a.m., 31 views

Viewpoint Media Player for IE 3.2 Remote Stack Overflow PoC

No description provided by source. Viewpoint Media Player for IE 3.2 AxMetaStream.dll Remote Stack Overflow...

7.1 AI score
Exploits: 0

0day.today
added 2007/11/06 12:00 a.m., 33 views

Viewpoint Media Player for IE 3.2 Remote Stack Overflow PoC

Exploit for unknown platform in category dos / poc. Viewpoint Media Player for IE 3.2 Remote Stack Overflow PoC...

7 AI score
Exploits: 0

exploitpack
added 2007/05/24 12:00 a.m., 11 views

Dart Communications PowerTCP - Service Control Remote Buffer Overflow

Dart Communications PowerTCP - Service Control Remote Buffer Overflow 'metasploit one, 456 bytes - cmd /c net user su tzu /add & net localgroup Administrators su /add shellcode =...

0.6 AI score
Exploits: 0

0day.today
added 2007/05/04 12:00 a.m., 18 views

Office Viewer OCX 3.2.0.5 Multiple Methods Denial of Service Exploit

Exploit for unknown platform in category dos / poc. Office Viewer OCX 3.2.0.5 Multiple Methods Denial of Service Exploit. 2007/05/04...

7 AI score
Exploits: 0

0day.today
added 2007/05/03 12:00 a.m., 20 views

Word Viewer OCX 3.2 Remote Denial of Service Exploit

Exploit for unknown platform in category dos / poc. Word Viewer OCX 3.2 Remote Denial of Service Exploit. 2007/05/03...

7 AI score
Exploits: 0

Packet Storm
added 2007/05/03 12:00 a.m., 22 views

ipix-overflow.txt

targetFile = "C:\test\iPIX-ImageWell-ipix\iPIX-ImageWell-ipix.dll" prototype = "Function CreateMediaGroup ByVal bUserID As String , ByVal bPassword As String , ByVal bGroupHandle As String , ByVal NumElements As Integer , ByVal bServiceType As String , ByVal bIPAddr As String As Integer" memberNa...

7.4 AI score
Exploits: 0

exploitpack
added 2007/05/01 12:00 a.m., 18 views

PowerPoint Viewer OCX 3.2 - ActiveX Control Denial of Service

PowerPoint Viewer OCX 3.2 - ActiveX Control Denial of Service. 2007/05/01. PowerPointViewer.ocx v. 3.1.0.3 multiple methods Denial of Service. url: http://www.officeocx.com/ price: from €63.95 update to last version to...

0.4 AI score
Exploits: 0

seebug.org
added 2007/04/28 12:00 a.m., 15 views

IPIX Image Well ActiveX (iPIX-ImageWell-ipix.dll) BoF Exploit

No description provided by source. IPIX Image Well ActiveX iPIX-ImageWell-ipix.dll Buffer Overflow Exploit By Umesh Wanve...

7.1 AI score
Exploits: 0

NVD
added 1999/09/24 4:00 a.m., 7 views

CVE-1999-1484

Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control setupbbs.ocx allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured...

7.5 CVSS, 7.7 AI score, 0.08053 EPSS
Exploits: 1, References: 3