Exploit for Cross-site Scripting in Boidcms
CVE-2024-53255 boid CMS 2.1.1 - reflected Cross-Site Scripting...
PT-2024-35694 · Boidcms · Boidcms
Name of the Vulnerable Software and Affected Versions: BoidCMS versions prior to 2.1.2 Description: A reflected Cross-site Scripting XSS issue exists in the "admin?page=media" endpoint, specifically in the file parameter, allowing an attacker to inject arbitrary JavaScript code. This could lead t...
BoidCMS security vulnerability
BoidCMS is a free open source flat file CMS from BoidCMS Open Source for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS 2.1.1 and earlier versions, which stems from a Reflected Cross-Site Scripting XSS vulnerability ...
CVE-2024-10791
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit...
PT-2024-16043 · Unknown · Wfh45678 Radar
Name of the Vulnerable Software and Affected Versions: wfh45678 Radar versions up to 1.0.8 Description: A critical issue has been found in the software, affecting unknown code in the file /services/v1/common/upload. The manipulation of the file argument leads to unrestricted upload. This can be...
CVE-2024-10100
A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...
PT-2024-16027 · Unknown · Binary-Husky/Gpt Academic
Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A path traversal vulnerability exists due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host...
Classroombookings security vulnerability
Classroombookings is a PHP and MySQL based school room booking system by Craig A Rodway, an individual developer. A security vulnerability exists in Classroombookings version 2.8.7, which stems from the parameter Name of the file /sessions in the Session Page component and can lead to a cross-site scripting...
PT-2024-39326 · Unknown · Scriptcase
Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019 Description: A path traversal issue exists in Scriptcase, allowing unauthenticated remote users to bypass intended restrictions and list or read a parent directory. This is achieved via the "subpage" parameter in th...
PT-2024-11528 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress versions up to, and including 3.3.3 Description: The issue concerns deserialization of untrusted input via the uploadfile parameter. This allows...
TOTOLINK AC1200 T8 UploadCustomModule function buffer overflow vulnerability
The TOTOLINK AC1200 T8 is a dual-band full gigabit router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK AC1200 T8 UploadCustomModule function. The vulnerability stems from the failure of the File parameter of the UploadCustomModule function to...
CVE-2024-46424
TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service DoS via the File parameter...
PT-2024-31986 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220 Description: The issue is a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service DoS via the File parameter. This vulnerability...
ABCD2 cross-site scripting vulnerability
ABCD2 is an ABCD open source software suite for library and documentation center automation. A cross-site scripting vulnerability exists in ABCD2 2.2.0-beta-1 and earlier versions, which stems from some unknown handling of the file /buscarintegrada.php, where manipulation of the parameter...
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin edithtml.cgi file Parameter Traversal Arbitrary File Access', 'Description' = %q This module exploits a directory traversal in Webmin 1.58...
PT-2024-38633 · Sonaar · Mp3 Audio Player – Music Player
Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.7.0.1 Description: The issue is related to unauthorized arbitrary file deletion due to a missing capability check on t...
The vulnerability of the “file” parameter in the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the “file” parameter in the netshop CMS system’s Netcat module exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript code in the user’s browser remotely...
PT-2024-38070 · WordPress · Lh Add Media From Url
Name of the Vulnerable Software and Affected Versions: LH Add Media From Url plugin for WordPress versions up to, and including, 1.23 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attacke...
itsourcecode Laravel Property Management System code issue vulnerability
Laravel Property Management System is an open source property management system from itsourcecode. A code issue exists in version 1.0 of itsourcecode Laravel Property Management System due to an unrestricted upload vulnerability in the file parameter of the PropertiesController.php page...
CVE-2024-7750
A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicinename leads to sql injection. The attack can be launche...