682 matches found
PT-2024-34505 · Hoosk · Hoosk
Name of the Vulnerable Software and Affected Versions: Hoosk version 1.7.1
Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.
Recommendations: For Hoosk version 1.7.1, consider disabling access to the config.php component...
CVE-2024-51055
An issue in Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component...
CVE-2024-51358
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application...
python-gevent: privilege escalation via a crafted script to the WSGIServer component
A flaw was found in python-gevent, which could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the WSGIServer component. By using a specially crafted script, an attacker can gain elevated privileges...
Heimdall security vulnerability
Heimdall is an open source application panel and launcher for LinuxServer.io. Heimdall version v.2.6.1 contains a security vulnerability that allows a remote attacker to execute arbitrary code via a specially crafted script when adding a new application...
CVE-2024-51358
CVE-2024-51358 affects Linux Server Heimdall v2.6.1. A remote attacker can execute arbitrary code by sending a crafted script to the Add new application endpoint. Impact per CVSS: HIGH confidentiality, integrity, and availability; base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Multiple sou...
CVE-2024-27524
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the newticket.php component...
CVE-2024-27525
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component...
CVE-2024-48195
Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter...
PT-2024-33019 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: eyouCMS version 1.6.7
Description: The issue allows a remote attacker to obtain sensitive information by sending a crafted script to the post parameter.
Recommendations: For eyouCMS version 1.6.7, consider restricting access to the post...
CVE-2024-48204
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2024-48204
CVE-2024-48204 affects Hanzhou Haobo network management system v1.0. The Red Hat/NVD/CVE entries and related advisories describe a SQL injection flaw that enables a remote attacker to execute arbitrary code via a crafted script. The reports consistently identify the vulnerability as a high-severi...
CVE-2024-48654
Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary code via a crafted script to the login.php component...
CLSA-2024-1729629058 python-lxml: Fix of CVE-2021-43818
CVE-2021-43818: prevent certain crafted script content passing through in HTML Cleaner...
LimeSurvey Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields...