CVE-2025-15501

creationtimestamp| type| source ---|---|--- 2026-01-09 23:21:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzn7dgheh2g 2026-01-09 23:54:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbzozusc542q 2026-01-10 00:04:56+00:00| published-proof-of-concept|...

CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...

CVE-2025-15501

CVE-2025-15501 affects Sangfor Operation and Maintenance Management System up to v3.0.8. The vulnerability is in the function WriterHandle.getCmd (file /isomp-protocol/protocol/getCmd) where manipulating the argument sessionPath enables OS command injection. Remote exploitation is possible and ex...

CVE-2019-15501

Reflected cross site scripting XSS in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter...

SUSE: Security Advisory (SUSE-SU-2018:2469-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-15501

creationtimestamp| type| source ---|---|--- 2020-10-08 02:29:32+00:00| seen| https://t.me/cibsecurity/15137...

CVE-2019-15501

CVE-2019-15501 is a reflected cross-site scripting vulnerability in L-Soft LISTSERV prior to version 16.5-2018a. The flaw is triggered via the /scripts/wa.exe OK parameter, allowing an attacker to execute arbitrary JavaScript in the victim’s browser when the page is loaded. The CVE entry notes a ...

CVE-2019-15501

Reflected cross site scripting XSS in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter...

LSoft ListServ 16.5-2018a - Cross-Site Scripting

LSoft ListServ 16.5-2018a - Cross-Site Scripting Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...

LSoft ListServ < 16.5-2018a - Cross-Site Scripting

Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...

LSoft ListServ < 16.5-2018a - Cross-Site Scripting Vulnerability

Exploit for windows platform in category web applications Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501 0day.today 2019-12-04...

LSoft ListServ Cross Site Scripting

Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:2469-1)

This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...

openSUSE Security Update : libgit2 (openSUSE-2018-1314)

This update for libgit2 fixes the following issues : - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...

openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:3519-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] [DLA 1477-1] libgit2 security update

Package : libgit2 Version : 0.21.1-3+deb8u1 CVE ID : CVE-2018-10887 CVE-2018-10888 CVE-2018-15501 CVE-2018-15501 A potential out-of-bounds read when processing a "ng" smart packet might lead to a Denial of Service. CVE-2018-10887 A flaw has been discovered that may lead to an integer overflow whi...

Security update for libgit2 (important)

This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...