11 matches found
EUVD-2013-3891
Malware in sbrugna...
ClicShopping Cross-Site Scripting Vulnerability
ClicShopping is an open source e-commerce solution from ClicShopping Open Source. A security vulnerability exists in ClicShopping version v3.402, which originates from Cross-Site Scripting (XSS) and allows an attacker to execute arbitrary web script or HTML via crafted URL parameters...
Design/Logic Flaw
The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters...
CVE-2021-42331
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters...
Code injection
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted U...
Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)
The remote host is missing an update for the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections...
CVE-2011-4780
Multiple cross-site scripting (XSS) vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections...
CVE-2011-4780
Multiple cross-site scripting (XSS) vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections...
CVE-2011-4780
Multiple cross-site scripting (XSS) vulnerabilities in libraries/displayexport.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections...
Skype skype4com URI Handler Remote Heap Corruption (CVE-2007-5989)
Skype is a peer-to-peer Voice over IP (VoIP) Internet telephony network solution. The product is used to transfer real-time conversations between two peers over the Internet. Skype users can speak to other Skype users, receive calls from traditional phones, and receive voice-mail messages. Peers ar...