319 matches found
Xpdf Buffer Error Vulnerability
Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf versions 4.05 and earlier, which stems from a vulnerability that allows an attacker to trigger an out-of-bounds array write...
Xpdf Buffer Error Vulnerability
Xpdf is a free PDF viewer and toolkit from Xpdf, including a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf versions 4.05 and earlier, which stems from a long Unicode sequence in ActualText that could result in out-of-bounds array writes...
PT-2024-24603
Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.05 and earlier Description: The issue is caused by a PDF object loop in the attachments, leading to infinite recursion and a stack overflow. Recommendations: For versions 4.05 and earlier, update to a newer version to mitigate th...
PT-2024-22965
Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.05 and earlier Description: The issue is an out-of-bounds array write in Xpdf, triggered by a negative object number in an indirect reference in the input PDF file. This occurs when the software processes a PDF file containing a...
PT-2024-18240 · Garo · Garo Wallbox Glb+ T2Ev7
Name of the Vulnerable Software and Affected Versions: GARO WALLBOX GLB+ T2EV7 version 0.5 Description: A problematic issue was found in the Software Update Handler component, affecting an unknown part of the file /index.jspsettings. The manipulation of the Reference argument leads to cross-site...
Mathtex Security Breach
Mathtex is a CGI program written in C for the Manim community. A security vulnerability exists in Mathtex version 1.05 and prior versions, which stems from a command injection vulnerability. A remote attacker can use this vulnerability to execute arbitrary code via a crafted string in the...
Taokeyun SQL Injection Vulnerability
Taokeyun is a shopping mall system by the individual developer jifeer. A SQL injection vulnerability exists in Taokeyun version 1.0.5 and earlier versions, which originates from a SQL injection vulnerability in the cid parameter of the index function in the application/index/controller/m/Drs.php file...
CVE-2023-49163
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5...
FormaLMS Cross-Site Scripting Vulnerability
FormaLMS is an open source learning management system. It is used to build around the specific needs of corporate training. A cross-site scripting vulnerability exists in FormaLMS versions prior to 4.0.5, which stems from the application's lack of effective filtering and escaping of user-supplied...
CVE-2023-27260
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26583
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetExcursionList method...
Koha Code Issue Vulnerability
Koha is a Koha organization's system for building websites for automated library management. A security vulnerability exists in Koha Library Software version 23.0.5.04 and earlier that could allow a remote attacker to read arbitrary files via the upload-cover-image.pl component...
CVE-2023-43374
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...
CVE-2023-33833
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013...
CVE-2023-39805
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-11 00:16:11+00:00 | seen | https://t.me/cibsecurity/68257... |
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +300 more potentially affected by CVE-2023-34149 via org.apache.struts:struts2-core (>=2.0.5 <=2.5.30)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-34149 Source advisory: OSV:GHSA-8F6X-V685-G2XC...
CVE-2023-3058
A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publi...
CVE-2023-33764
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /de/casting/show/detail/...
Splunk Cross-Site Scripting Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...