17 matches found

BDU FSTEC
added 2025/06/18 12:0 a.m. · 6 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of verification of the validity of XML objects’ sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary SQL queries...

CVSS 9.4 · AI score 6 · EPSS 0.00587
Exploits 1 · References 4 · Affected Software 1
BDU FSTEC
added 2024/05/29 12:0 a.m. · 5 views

The vulnerability of the form_save() function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.

The vulnerability of the form_save function in the Cacti network monitoring software is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 5.5 · AI score 8.1 · EPSS 0.12602
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2023/05/31 12:0 a.m. · 4 views

The vulnerability of the user_list_backend.php script in the Piwigo content management system allows attackers to carry out SQL injection attacks.

The vulnerability of the user_list_backend.php script in the Piwigo content management system is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

CVSS 9 · AI score 7.7 · EPSS 0.00902
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/05/17 12:0 a.m. · 4 views

PT-2023-2929 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 13.6.0. Description: The issue is related to a lack of validation of XML object sequences in the user_list_backend.php script of the Piwigo content management system. This can be exploited by a remote attacker to condu...

CVSS 9 · AI score 8.3 · EPSS 0.00902
Exploits 1 · References 8
SUSE CVE
added 2023/02/15 5:12 a.m. · 3 views

SUSE CVE-2015-8438

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

CVSS 9.3 · AI score 8.3 · EPSS 0.0795
Exploits 0 · References 6
BDU FSTEC
added 2022/05/05 12:0 a.m. · 5 views

The vulnerability of the Apache Superset data visualization software lies in the lack of validation for XML objects’ sequences, which allows attackers to carry out attacks based on SQL injections.

The vulnerability of Apache Superset’s data visualization software lies in the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a remote attacker to carry out attacks based on SQL injections...

CVSS 10 · AI score 8 · EPSS 0.02788
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2022/04/27 12:0 a.m. · 9 views

The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.

The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.5 · AI score 7.6 · EPSS 0.68846
Exploits 1 · References 18 · Affected Software 4
BDU FSTEC
added 2022/01/20 12:0 a.m. · 4 views

The vulnerability of the `make_task` function in the software for managing medical organizations, OpenEMR, allows attackers to carry out SQL injection attacks.

The vulnerability of the make_task function in the software for managing medical organizations like OpenEMR is related to the lack of verification of the reliability of XML objects’ sequences. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

CVSS 10 · AI score 7.9 · EPSS 0.11945
Exploits 2 · References 3 · Affected Software 1
BDU FSTEC
added 2021/09/15 12:0 a.m. · 6 views

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of validation for XML object sequences, allowing attackers to execute arbitrary SQL commands.

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using specially crafted HTTP requests...

CVSS 9.9 · AI score 8.1 · EPSS 0.01655
Exploits 0 · References 4 · Affected Software 1
NVD
added 2015/12/10 6:0 a.m. · 14 views

CVE-2015-8438

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

CVSS 9.3 · AI score 9 · EPSS 0.0795
Exploits 0 · References 11
Prion
added 2015/12/10 6:0 a.m. · 18 views

Heap overflow

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

CVSS 9.3 · AI score 8 · EPSS 0.07985
Exploits 0 · References 11 · Affected Software 4
Cvelist
added 2015/12/10 2:0 a.m. · 24 views

CVE-2015-8438

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

AI score 9 · EPSS 0.0795
Exploits 0 · References 11
exploitpack
added 2015/08/19 12:0 a.m. · 6 views

Adobe Flash - XML.childNodes Use-After-Free

Adobe Flash - XML.childNodes Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=365&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in...

AI score 0.3
Exploits 0
securityvulns
added 2008/10/16 12:0 a.m. · 76 views

Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution

There is a bug in Internet Explorer 6 JavaScript implementation enabling remote memory disclosure and remote code execution. The vulnerability is caused by improper implementation of componentFromPoint method of xml object. The vulnerability The vulnerability is triggered by erroneous behavior of...

CVSS 9.3 · AI score 1.2 · EPSS 0.39864
Exploits 1
CVE
added 2004/01/14 5:0 a.m. · 65 views

CVE-2003-0817

CVE-2003-0817 involves Internet Explorer 5.01–6 SP1 and could allow a remote attacker to bypass zone restrictions and read local/arbitrary files via an XML object or through cross‑domain scripting. The vulnerability stems from how IE binds XML content and handles cross‑domain security, potentiall...

CVSS 7.5 · AI score 7.7 · EPSS 0.17957
Exploits 0 · References 10 · Affected Software 2
Symantec
added 2003/11/11 12:0 a.m. · 17 views

Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability

Description Microsoft has announced that a vulnerability exists in Internet Explorer when handling malicious XML objects. The problem is said to occur due to Internet Explorer failing to validate a supplied path when binding local data to the XML document. As a result, a malicious HTML containing...

AI score 7.1
Exploits 0 · References 1 · Affected Software 1
Exploit DB
added 2003/09/08 12:0 a.m. · 36 views

Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)

source: https://www.securityfocus.com/bid/8565/info Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer receives a response from the server...

AI score 7.4
Exploits 0