12 matches found
CVE-2020-10257
creationtimestamp | type | source
---|---|---
2025-10-22 21:02:33+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m3sqld3yws2i...
CVE-2020-10257
CVE-2020-10257 concerns the WordPress ThemeREX Addons plugin prior to 2020-03-09. The issue is an access-control flaw in the /trx_addons/v2/get/sc_layout REST API endpoint: includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter, allowing unauthenticated users...
CVE-2019-10257
CVE-2019-10257 affects Zucchetti HR Portal (through 2019-03-15). It is a directory traversal/path-traversal vulnerability that allows unauthenticated users to escape restricted directories (dot-dot-slash) and read files, including the application’s Java sources under /WEB-INF/classes/*.class. NVD...
CVE-2018-10257
CVE-2018-10257 describes a CSV Injection in HRSALE The Ultimate HRM v1.0.2. A low-privilege user can inject a command into CSV exports (e.g., in the First Name field) that becomes part of the downloaded file, potentially leading to code execution. The PoC shows adding =cmd|'/C calc'!A1 in a user’...
HRSALE The Ultimate HRM v1.0.2 - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection Exploit Author: 8bitsec CVE: CVE-2018-10257 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested...
HRSALE The Ultimate HRM 1.0.2 CSV Injection
Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10257 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac OS 10.13...
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10257 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac OS 10.13...
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - CSV Injection Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10257 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0...
CVE-2016-10257
Symantec ProxySG/ASG products are affected by CVE-2016-10257: a reflected XSS in the management console. Affected: ASG 6.6 and ASG 6.7 (before 6.7.2.1); ProxySG 6.5 (before 6.5.10.6), 6.6, and 6.7 (before 6.7.2.1). The flaw allows an attacker to inject arbitrary JavaScript into the management con...
SA155: Multiple ASG and ProxySG Vulnerabilities
SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to multiple vulnerabilities. A remote attacker can, under certain circumstances, obtain sensitive authentication credential information, redirect target users to malicious sites, and inject arbitrary JavaScript code into the...
CVE-2017-10257
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products subcomponent: Browse Folder Hierarchy. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2017-10257
CVE-2017-10257 affects Oracle PeopleSoft Enterprise PRTL Interaction Hub (Browse Folder Hierarchy subcomponent) in version 9.1.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the hub, with user interaction required for exploitation. Consequences ...