Lucene search

119 matches found

CVE
added 2022/01/19 10:54 p.m. · 46 views

CVE-2021-46025

The CVE-2021-46025 entry describes a Cross-Site Scripting (XSS) vulnerability in OneBlog

CVSS 5.4 · AI score 5.2 · EPSS 0.00191
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/01/19 10:54 p.m. · 13 views

CVE-2021-46025

A Cross Site Scripting (XSS) vulnerability exists in OneBlog = 2.2.8. via the add function in the operation tab list in the background...

AI score 5.5 · EPSS 0.00191
Exploits: 1 · References: 1

Veracode
added 2021/11/01 4:32 a.m. · 14 views

Remote Code Execution (RCE)

aaptjs is vulnerable to remote code execution. The vulnerability exists because of lack of sanitization of user-provided data in the add function, allowing an attacker to provide malicious code via its filePath parameter...

CVSS 9.8 · AI score 5.5 · EPSS 0.01119
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2021/10/31 8:15 p.m. · 12 views

Code injection

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...

CVSS 7.5 · AI score 9.7 · EPSS 0.01119
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2021/10/31 12:0 a.m. · 3 views

Shenzhim Aaptjs operating system command injection vulnerability

aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the add function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...

CVSS 9.8 · AI score 6.9 · EPSS 0.01119
Exploits: 1 · References: 2

Prion
added 2021/10/22 8:15 p.m. · 9 views

Cross site scripting

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

CVSS 3.5 · AI score 5.4 · EPSS 0.00281
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2021/10/15 12:15 p.m. · 0 views

CVE-2021-42329

The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...

CVSS 5.4 · AI score 6.2
Exploits: 0 · References: 1

Positive Technologies
added 2020/05/28 12:0 a.m. · 2 views

PT-2020-6930 · Libssh2 +6

Name of the Vulnerable Software and Affected Versions: libssh2 version 1.10.0 Description: An issue was discovered in the libssh2 packet add function that allows attackers to access out of bounds memory, potentially leading to a denial of service. This issue is related to a buffer overflow in the...

CVSS 8.1 · AI score 7 · EPSS 0.424
Exploits: 2 · References: 51

0day.today
added 2020/03/10 12:0 a.m. · 130 views

YzmCMS 5.5 - (url) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting Exploit Author: En Vendor Homepage: https://github.com/yzmcms/yzmcms Software Link: https://github.com/yzmcms/yzmcms Version: V5.5 Category: Web Application Patched Version:...

AI score 7.4
Exploits: 0

Positive Technologies
added 2019/07/18 12:0 a.m. · 1 views

PT-2019-11458 · Abcm2Ps +2

Name of the Vulnerable Software and Affected Versions: abcm2ps versions 8.13.20 Description: The issue is related to Incorrect Access Control, allowing attackers to cause a denial of service attack via a crafted file. The component affected is front.c, specifically the function txt add...

CVSS 9.8 · AI score 5.7 · EPSS 0.03042
Exploits: 5 · References: 33

CNVD
added 2018/11/27 12:0 a.m. · 1 views

ShopsN single merchant b2c mall system v2.3.6 has SQL injection vulnerability

ShopsN single merchant b2c mall system is an open source online store system developed using PHP + MySQL. ShopsN single merchant b2c mall system v2.3.6Us.class .php file addressadd function has a SQL injection vulnerability; an attacker can use this vulnerability to obtain the administrator...

AI score 8.3
Exploits: 0

Vulnerability Lab
added 2018/10/15 12:0 a.m. · 1081 views

EasyBoot v6.6.0.800 - (Function Key) Buffer Overflow

Document Title: EasyBoot v6.6.0.800 - Function Key Buffer Overflow · References Source: https://www.vulnerability-lab.com/getcontent.php?id=2155 · Release Date: 2018-10-15 · Vulnerability Laboratory ID VL-ID: 2155...

AI score 0.6
Exploits: 0

CNVD
added 2018/05/07 12:0 a.m. · 1 views

bibutils null pointer dereference vulnerability

bibutils is a document format conversion tool. A security vulnerability exists in the 'fieldsadd' function in the fields.c file of the libbibcore.a file in bibutils 6.2 and earlier. A remote attacker can exploit this vulnerability to cause a denial of service (null pointer dereference) and...

CVSS 6.5 · AI score 6.8 · EPSS 0.00607
Exploits: 1 · References: 1

OSV
added 2018/04/19 6:29 p.m. · 0 views

CVE-2018-10236

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file...

CVSS 7.2 · AI score 6.1
Exploits: 0 · References: 1

Cvelist
added 2018/04/19 6:0 p.m. · 10 views

CVE-2018-10236

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file...

AI score 7.5 · EPSS 0.00883
Exploits: 1 · References: 1

seebug.org
added 2014/07/27 12:0 a.m. · 19 views

PHPB2B latest version SQL injection allowing unlimited account top-up (successful on the official demo)

Brief description: as titled. Detailed description: Look at the user registration section: ifisset$POST'register' $iscompany = false; $ifneedcheck = false; $registertype = trim$POST'register'; $registertypename = trim$POST'typename'; pbsubmitcheck'data'; $defaultmembergroupidres = $pdb-GetRow"SELECT FROM $tbprefixmembertypes WHERE name='".$registertypename."'";...

AI score 7.1
Exploits: 0

seebug.org
added 2014/04/17 12:0 a.m. · 16 views

D-Link DAP-1150 index.cgi multiple parameter stored cross-site scripting vulnerabilities

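D-link DAP-1150 is a router device. D-link DAP-1150 incorrectly handles the 'Name', 'IP Addresses Source', 'Destination', 'Ports Source' and 'Destination' field data in the 'resbuf' parameter of the add function, allowing an attacker to exploit the vulnerability by constructing a malicious URI and luring a user into parsing it, in order to obtain sensitive information or hijack the user's session. 0 D-link DAP-1150 No detailed solution is currently available: http://www.dlink.com.au/products/?pid=735...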

AI score 7.1
Exploits: 0

RedHat Linux
added 2013/05/14 6:14 p.m. · 4 views

Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)

The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors...

CVSS 10 · AI score 7.8 · EPSS 0.03735
Exploits: 0 · References: 5

NVD
added 2005/05/02 4:0 a.m. · 9 views

CVE-2005-0996

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function...

CVSS 5 · AI score 7.5 · EPSS 0.00013
Exploits: 0 · References: 1