7734 matches found
Command Execution Vulnerability in Blue Route Blog System (CNVD-2020-13869)
The Blue Route blog system is a multi-user collaborative writing blog system. A command execution vulnerability exists in the Blue Route Blog System that can be exploited by an attacker to gain control of a web server...
Code execution vulnerability in Blue Route blog system se***_pa***.php file
Blue Route Blog System is built with PHP+MySQL. A code execution vulnerability exists in the sepa.php file of the Blue Route blog system. An attacker can exploit the vulnerability to execute commands and gain server privileges...
elearning-script 1.0 - Authentication Bypass Vulnerability
Exploit for windows platform in category web applications. Exploit Title: elearning-script 1.0 - Authentication Bypass; Author: riamloo; Vendor Homepage: https://github.com/amitkolloldey/elearning-script; Software Link: https://github.com/amitkolloldey/elearning-script/archive/master.zip; Version: 1...
mybb -- multiple vulnerabilities
mybb Team reports: High risk: Installer RCE on settings file write; Medium risk: Arbitrary upload paths and Local File Inclusion RCE; Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data; Low risk: Open redirect on login; Low risk: SCEditor reflected XSS...
CVE-2019-6033
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-6034
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-6034
The CVE-2019-6034 issue exists in a-blog cms prior to versions 2.10.23 (2.10.x), 2.9.26 (2.9.x), and 2.8.64 (2.8.x). It enables arbitrary scripts to be executed in the context of the application due to a script injection flaw (unspecified vectors). Impact is that an arbitrary script may run in th...
CVE-2019-6033
CVE-2019-6033 is an XSS in a-blog cms. Affected: versions prior to 2.10.23 (2.10.x), 2.9.x prior to 2.9.26, and 2.8.x prior to 2.8.64. Description across sources states a reflected cross‑site scripting vulnerability that can allow an arbitrary script to be executed in the user’s browser. Root cau...
a-blog cms script injection vulnerability
appleple a-blog cms is a content management system (CMS) from appleple Japan. An injection vulnerability exists in appleple a-blog cms version 2.10.x before 2.10.23, version 2.9.x before 2.9.26, and version 2.8.x before 2.8.64. The vulnerability arises from a lack of proper validation of user input...
appleple a-blog cms cross-site scripting vulnerability (CNVD-2020-02706)
appleple a-blog cms is a content management system (CMS) from appleple Japan. A cross-site scripting vulnerability exists in appleple a-blog cms versions 2.10.x before 2.10.23, 2.9.x before 2.9.26, and 2.8.x before 2.8.64. The vulnerability stems from a lack of proper validation of client-side data...
'Star Wars: The Rise of Skywalker' Is a Lesson in Military Opposites
The Resistance is outmanned and outgunned, but their adaptability wins the day...
JVN#10377257: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
Reflected cross-site scripting (CWE-79) - CVE-2019-6033

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3...
Stripo Inc: stripo blog search SQL Injection
Summary: SQL injection of search parameters at blog search request
Steps To Reproduce:
1. request https://stripo.email/blog/search/
2. input search 1' AND SELECT 6268 FROM SELECTSLEEP5ghXo AND 'IKlK'='IKlK
3. See a very large response delay
Supporting Material/References: See attached screenshot...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
CVE-2019-19682
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/id Admin/Blog/BlogPostEdit/id. NOTE: the...