625 matches found
CVE-2022-26627
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file...
Cross site scripting
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability...
CVE-2021-26948
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...
CVE-2021-26948
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...
CVE-2021-26948
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...
Null pointer dereference
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...
UBUNTU-CVE-2021-26948
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...
CVE-2021-26948
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...
ROS-20220125-14
Lxml library vulnerability is related to insufficient cleansing of user data in the cleanup program HTML in the lxml.html file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to click on a specially crafted link and execute arbitrary HTML code and scri...
CVE-2022-22117 Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image
In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user ope...
Directus 跨站脚本漏洞
Directus is a real-time Api and application dashboard. Used to manage Sql database content. Directus suffers from a cross-site scripting vulnerability that allows unlimited uploading of .html files in the media upload function, which leads to a cross-site scripting vulnerability. A low-privileged...
Windows Explorer Preview Pane HTML File Link Spoofing
Exploit Title: Windows Explorer Preview Pane HTML File Link Spoofing Vulnerability Google Dork: n/a Date: December 25th, 2021 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7, 8.1, 10, 11 x86/x64 Tested on:...
Microsoft Windows Explorer Preview Pane HTML File Link Spoofing Vulnerability
The Windows Explorer Preview Pane feature allows for spoofing of links contained in an HTML based file because upon moving the mouse over the link nothing happens and it cannot be right-clicked to show the actual target. Exploit Title: Windows Explorer Preview Pane HTML File Link Spoofing...
Backdoor.Win32.Mellpon.b Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e499a4c359a8cc46e641f39c0ed548f9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mellpon.b Vulnerability: Remote Unauthenticated Information Disclosure Description: T...
USN-5198-1 htmldoc vulnerability
It was discovered that HTMLDOC improperly handled malformed URIs from an input html file. An attacker could use this to cause a denial of service...
CVE-2021-45017
Cross Site Request Forgery CSRF vulnerability exits in Catfish =6.1. when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability exits in Catfish =6.1. when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column...
CVE-2021-45017
Cross Site Request Forgery CSRF vulnerability exits in Catfish =6.1. when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column...
CVE-2021-45017
Catfish CMS CSRF in
DEBIAN-CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...