132 matches found
Design/Logic Flaw
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The...
SQL injection
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2018-11773
Apache VCL exposes a vulnerability in versions 2.1–2.5 where submitted block allocation form input is not properly validated and is passed to PHP’s strtotime, enabling exploitation of that function’s behavior. The advisory notes that versions earlier than 2.5.1 should be upgraded or patched; upgr...
CVE-2019-12134
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export...
Use-After-Free
Mozilla Firefox is vulnerable to a use-after-free vulnerability. This occurs when manipulating form input elements. An attacker could cause a potentially exploitable crash, resulting in a denial of service condition...
Bashter - Web Crawler, Scanner, And Analyzer Framework
Bashter is a tool for scanning web-based applications. Bashter is well suited to bug bounty work or penetration testing. It is designed like a framework, so you can easily add a script to detect a vulnerability. For example, you can add a script like this:...
CVE-2019-9016
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
Input validation
Plaintext of decrypted emails can leak when a user submits an embedded form by pressing the Enter key within a text input field. This vulnerability affects Thunderbird 52.9...
Component AlphaIndex Dictionaries SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Joomla! component AlphaIndex Dictionaries. The vulnerability is caused by an attacker inserting SQL commands into the query string of a w...
Social Factory SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Social Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form submission ...
Component Music Collection SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Music Collection component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form submissio...
VulnCheck KEV: CVE-2016-6277
NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution...
Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection
input name="id" value="-11 UNION ALL SELECT...
Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
PHPMyWind 5.3 - Cross-Site Scripting
Exploit Title: PHPMyWind 5.3 has XSS | Exploit Author: 小雨 | Vendor Homepage: http://phpmywind.com | Software Link: http://phpmywind.com/downloads/PHPMyWind5.3.zip | Version: 5.3 | CVE: CVE-2017-12984 | $r = $dosql->GetOne("SELECT Max(orderid) AS orderid FROM @message"); $orderid = empty($r['orderid']) ? 1 : $r['orderid'] + 1;...
Pivotal Spring Web Flow Remote Code Execution Vulnerability
Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. A remote code execution vulnerability exists in Pivotal Spring Web Flow versions 2.4.0 through 2.4.4. The vulnerability is caused due to a...
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
...
Security update for MozillaFirefox, mozilla-nss (important)
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...