In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. Date published : 2019-02-06 https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd https://github.com/gpac/gpac/issues/1188
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. Date published : 2019-02-06 https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 https://github.com/gpac/gpac/issues/1187
GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. Date published : 2019-02-06 https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 https://github.com/gpac/gpac/issues/1186
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. Date published : 2019-02-06 https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d https://github.com/gpac/gpac/issues/1177
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. Date published : 2019-02-06 https://github.com/modxcms/revolution/issues/14103
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. Date published : 2019-02-06 https://github.com/modxcms/revolution/issues/14104
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. Date published : 2019-02-06...
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. Date published : 2019-02-06 https://github.com/modxcms/revolution/issues/14102
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an...
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Date published : 2019-02-06 https://github.com/no-security/sqlalchemy_test https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. Date published : 2019-02-06 https://github.com/0xUhaw/CVE-Bins/tree/master/SIDU/Stored%20XSS
An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. Date published : 2019-02-06 https://github.com/0xUhaw/CVE-Bins/tree/master/SIDU/Reflected%20XSS
In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. Date published : 2019-02-06 https://github.com/0xUhaw/CVE-Bins/tree/master/DbNinja
An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. Date published : 2019-02-06 https://github.com/0xUhaw/CVE-Bins/tree/master/MyWebSQL