CVE-2023-29712: DOM-based XSS in Vade Secure Gateway
Severity: Medium
A DOM-based cross-site scripting vulnerability in Vade Secure Gateway <= 3.0 allows a remote attacker to execute arbitrary JavaScript code in the victim's browser via the header parameter.
CVE-2023-29714: DOM-based XSS in Vade Secure Gateway
Severity: Medium
A DOM-based cross-site scripting vulnerability in Vade Secure Gateway <= 3.0 allows a remote attacker to execute arbitrary JavaScript code in the victim's browser via the cookies parameter.
CVE-2022-48111: SIRI WI400 – XSS on Login Page
A cross-site scripting (XSS) vulnerability in the check_login function of S.I.R.I. s.r.l WI400, from v.8 to v.11 inclusive, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the “f” parameter.
CVE-2022-22834: OverIT Geocall v. < 8.0 – XSLT Injection
Severity: Medium
In OverIT projects based on the same Geocall-Framework at level v. < 8, an authenticated user who has the “Test Trasformazione xsl” functionality enabled can exploit an XSLT Injection vulnerability to achieve remote code execution (RCE). The vulnerability is triggered by sending a specific XSL tag inside the XML field.
CVE-2021-40827: Clementine Music Player v. <= v.1.3.1 - Read Access Violation on Block Data Move
Severity: Medium
Clementine Music Player v. <= 1.3.1, in the libgstreamer-1.0-0.dll (F1CC318CA54B8BC35179A48DAEBB94DF741D9E3B) module, is affected by a Read Access Violation on Block Data Move (potential Stack Overflow), affecting the MP3 file parsing functionality at memcpy+0x265.
The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine.
Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.
eip=76888f55 esp=0edcfb38 ebp=0edcfb40 iopl=0 nv dn ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010616
msvcrt!memcpy+0x265:
76888f55 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_msvcrt.dll!memcpy
Basic Block:
    777c8f55 rep movs dword ptr es:[edi],dword ptr [esi]
       Tainted Input operands: 'ecx','esi'
    777c8f57 cld
    777c8f58 jmp dword ptr msvcrt!memcpy+0x310 (777c9000)[edx*4]
Exception Hash (Major/Minor): 0xb323a61f.0x1e633652
Hash Usage : Stack Trace:
    Major+Minor : msvcrt!memcpy+0x265
    Major+Minor : libgstreamer_1_0_0!gst_buffer_fill+0x190
    Major+Minor : libgsttag_1_0_0!gst_tag_mux_get_type+0x20df
    Major+Minor : libgsttag_1_0_0!gst_tag_list_from_id3v2_tag+0x9ab
    Major+Minor : libglib_2_0_0!g_rec_mutex_unlock+0x14
    Minor : libgstreamer_1_0_0!gst_buffer_unmap+0x56
    Minor : libgstreamer_1_0_0!gst_memory_resize+0x22
    Minor : libgstid3demux+0x17fc
    Minor : libgstreamer_1_0_0!gst_buffer_set_size+0x2f
    Minor : libgsttag_1_0_0!gst_tag_demux_get_type+0x1011
    Minor : libgstreamer_1_0_0!gst_element_get_type+0x114
    Minor : libgsttag_1_0_0!gst_tag_demux_get_type+0x1c49
    Minor : libglib_2_0_0!g_mutex_unlock+0x12
    Minor : libgstreamer_1_0_0!gst_tag_setter_get_tag_merge_mode+0x186
    Minor : KERNEL32!timeGetTime+0x37
    Minor : libglib_2_0_0!g_thread_pool_new+0x2f6
Instruction Address: 0x0000000076888f55
Description: Read Access Violation on Block Data Move
Short Description: ReadAVonBlockMove
Exploitability Classification: PROBABLY_EXPLOITABLE
Recommended Bug Title: Probably Exploitable - Read Access Violation on Block Data Move starting at msvcrt!memcpy+0x0000000000000265 (Hash=0xb323a61f.0x1e633652)
CVE-2021-40826: Clementine Music Player v. <= v.1.3.1 - User Mode Write Access Violation
Severity: Medium
Clementine Music Player v. <= 1.3.1 is affected by a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207.
The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine.
Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.
eip=007aa207 esp=561af1f8 ebp=561af280 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
clementine+0x3aa207:
007aa207 894604 mov dword ptr [esi+4],eax ds:002b:00000004=????????
FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_AVRF_c0000005_clementine.exe!Unknown
Basic Block:
    007aa207 mov dword ptr [esi+4],eax
       Tainted Input operands: 'eax','esi'
    007aa20a mov eax,dword ptr [ebp+0ch]
    007aa20d mov dword ptr [esi+8],eax
    007aa210 lock inc dword ptr [qtcore4!zn9qlistdata11shared_nulle (6e200074)]
    007aa217 setne al
    007aa21a mov eax,dword ptr [esi]
    007aa21c mov dword ptr [esi],offset qtcore4!zn9qlistdata11shared_nulle (6e200074)
    007aa222 lock dec dword ptr [eax]
    007aa225 setne dl
    007aa228 test dl,dl
    007aa22a jne clementine+0x3aa23b (007aa23b)
Exception Hash (Major/Minor): 0xf535c3f1.0x4c51c076
Hash Usage : Stack Trace:
    Major+Minor : clementine+0x3aa207
    Major+Minor : clementine+0x2555e4
    Major+Minor : libgobject_2_0_0!g_cclosure_marshal_VOID__OBJECTv+0x46
Instruction Address: 0x00000000007aa207
Description: User Mode Write AV near NULL
Short Description: WriteAVNearNull
Exploitability Classification: UNKNOWN
Recommended Bug Title: User Mode Write AV near NULL starting at clementine+0x00000000003aa207 (Hash=0xf535c3f1.0x4c51c076)