Introduction: Cross-site scripting (XSS) is a type of vulnerability that allows the execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful s ...
August 29, 2022
Hello there! Hope you are doing great! Description: While digging into your app's source code, I noticed that the `getComment()` function, that can be found on CommentController, had an IDOR, but w ...
August 28, 2022
libanjuta.so is vulnerable to information disclosure. The vulnerability exists in the `read_bookmarks` function in `anjuta-bookmarks.c` because of the incorrect use of the libxml2 API, which allows an attacker to g ...
August 27, 2022
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl sc ...
August 27, 2022
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of the libxml2 API 'xmlDocGetRootElement', and tries to der ...
August 27, 2022
There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of the libxml2 API. The vendor forgot to call 'g_free()' t ...
August 27, 2022
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of the libxml2 API 'xmlDocGetRootElement', and tries to der ...
August 26, 2022