18 matches found
CVE-2024-29912
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Placé iCalendrier allows Stored XSS. This issue affects iCalendrier: from n/a through 1.80...
UBUNTU-CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-6441
A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation leads to deserialization. The attack can be launched remotely...
PT-2024-23134 · Unknown · Icalendrier
Name of the Vulnerable Software and Affected Versions: iCalendrier versions 1.80 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions 1.80...
WordPress iCalendrier Plugin <= 1.80 is vulnerable to Cross Site Scripting (XSS)
Software: iCalendrier; Type: Plugin; Vulnerable versions: <= 1.80; Fixed in: 1.81; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29912; Patch priority: Low; CVSS severity: Low (6.5); PSID: 149ae9093141; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress Share This Image Plugin <= 1.80 is vulnerable to Cross Site Scripting (XSS)
Software: Share This Image; Type: Plugin; Vulnerable versions: <= 1.80; Fixed in: 1.81; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 3c9ca225ea17; Credits: Rafie Muhammad Patchstack; Required...
Amazon Linux AMI : git (ALAS-2023-1700)
The version of git installed on the remote host is prior to 2.38.4-1.80. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1700 advisory. Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36....
WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection
Software: 1003 Mortgage Application; Type: Plugin; Vulnerable versions: <= 1.75; Fixed in: 1.80; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-45357; Patch priority: Low; CVSS severity: Low (6.1); PSID: aadde6bd0ebf; Credits: Rodrigo Escobar ipax; Required privilege...
CVE-2022-25410
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter ffiledescription at /admin/files...
HPE iLO Amplifier Pack Path Traversal Vulnerability
HPE iLO Amplifier Pack is a database management software for use in clustered environments from HPE, USA. The software supports Gen8, Gen9 and Gen10 Hewlett Packard Enterprise with automatic firmware and driver updates, manual or automatic recovery of firmware-corrupted systems, and maximizes...
Vulnerability fixed in HP Integrated Lights Out Amplifier Pack
HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...
CVE-2019-6584
A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...
Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit
No description provided by source. #!/usr/bin/perl -w Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers. Refer: http://yaws.hyber.org/ http://www.securityfocus.com/bid/33834/discuss...
phpKF Forum 1.80 profil_degistir.php CSRF Exploit
Exploit for php platform in category web applications. phpKF Forum 1.80 profil_degistir.php CSRF Exploit. Exploit Title : phpKF Forum profil_degistir.php CSRF Exploit. Google Dork : php Kolay Forum php...
PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery
Exploit Title : phpKF Forum profil_degistir.php CSRF Exploit. | Google Dork : php Kolay Forum phpKF © 2007 - 2010 phpKF Ekibi | Date : 05-12-2010 | Author : FreWaL | Software Link : http://www.phpkf.com/dosya.php?no=935 | Version : 1.80 and tested on All version | My Website : www.imhatimi.org & www.ihtilal.i...
Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit
Exploit for multiple platform in category dos / poc. Yaws ; chomp$vulnhostip; $port = 80; $sockhttp = IO::Socket::INET-new...
Design/Logic Flaw
Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers...
CVE-2000-0670
CVE-2000-0670 affects CVSWeb 1.80. The cvsweb CGI script allows remote attackers with write access to a CVS repository to execute arbitrary shell commands. This is a local-style attack vector with the attacker authenticated to the CVS repository, and the impact is arbitrary command execution in t...