The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac. Date published : 2021-08-25 https://docs.google.com/document/d/1OSwQjtyALgV3OulmWGaTqZrSzk7Ta-xGrcLI0I7SPyM...
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. Date published : 2021-08-25 https://github.com/seabird1992/TEST123/blob/master/071711233468_0zzcms.pdf
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter. Date published : 2021-08-25 https://github.com/millken/doyocms/issues/3
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload. Date published : 2021-08-25 https://github.com/liufee/feehicms/issues/2
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add. Date published : 2021-08-25 https://github.com/jorycn/thinkphp-zcms/issues/2
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML. Date published : 2021-08-25 https://github.com/sail-y/spring-boot-admin/issues/7
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Date published : 2021-08-25 https://github.com/zyx0814/dzzoffice/issues/107
Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. Date published : 2021-08-25 https://github.com/PopojiCMS/PopojiCMS/issues/19
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the ‘do_checksum’ function in ‘checksum.c’. It can be triggered by sending a crafted pcap file to the ‘tcpreplay-edit’ binary. This...
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via ‘crc64i’ in the component ‘nasmlib/crc64’. This issue is different than CVE-2019-7147. Date published : 2021-08-25 https://bugzilla.nasm.us/show_bug.cgi?id=3392568
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via ‘IsNextToken’ in the component ‘src/base/PdfToenizer.cpp’. Date published : 2021-08-25 https://sourceforge.net/p/podofo/tickets/49/
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component ‘src/base/PdfDictionary.cpp:65’. Date published : 2021-08-25 https://sourceforge.net/p/podofo/tickets/48/
Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager——— edit menu. Date published : 2021-08-25 https://github.com/PopojiCMS/PopojiCMS/issues/16
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in...