28 matches found
EUVD-2021-11277
Malware in sbrugna...
PT-2025-23226 · Vllm · Vllm
Affected software and versions: vLLM 0.8.0 through 0.9.0. Description: the issue arises when the /v1/completions API endpoint is called with an invalid JSON schema as a Guided Param, causing the vLLM server to crash. This is similar to a previously known issue but...
OFCMS cross-site scripting vulnerability
OFCMS is a content management system (CMS) written in Java by OFSoft (Zhongtian Network, China). OFCMS version 1.1.2 contains a cross-site scripting vulnerability in the file /admin/system/dict/add.json?sqlid=system.dict.save, where the dictvalue parameter is taken from user-supplie...
TASKHUB-2.8.8 - XSS-Reflected
Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...
Taskhub 2.8.8 Cross Site Scripting
Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...
GHSA-JWG4-QCGV-5WG6 SQL Injection in Admin Translations API
Impact SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...
SQL Injection in Translation Export API
Impact SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...
CVE-2022-25225
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution against the default PostgreSQL installation by exploiting this issue...
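The pattern shared by the two GHSA advisories and CVE-2022-25225 above is a value lifted out of a JSON request body and concatenated into a SQL statement, so that the attacker can rewrite the WHERE clause and read rows that belong to other users. The following is an added example, not code from any of the projects listed, that reproduces the bug and its fix against an in-memory SQLite database. The table name event_instance, the column names and the kind parameter are assumptions chosen for illustration.

```python
import json
import sqlite3

# Constructed sample data: event rows belonging to two different users.
SAMPLE_ROWS = [
    (1, "alice", "login"),
    (2, "alice", "logout"),
    (3, "bob", "password-reset"),
]


def make_db():
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event_instance (id INTEGER, owner TEXT, kind TEXT)")
    conn.executemany("INSERT INTO event_instance VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_handler(conn, body, current_user):
    """Deliberately vulnerable: the JSON parameter is interpolated into the statement.

    This mirrors the shape of the advisories above (a value taken from a JSON
    body and placed in the WHERE clause); the 'kind' parameter name is hypothetical.
    """
    kind = json.loads(body)["kind"]
    sql = ("SELECT id, owner, kind FROM event_instance "
           "WHERE owner = '%s' AND kind = '%s'" % (current_user, kind))
    return conn.execute(sql).fetchall()


def fixed_handler(conn, body, current_user):
    """Fixed: bound parameters, so the value can never change the query structure."""
    kind = json.loads(body)["kind"]
    if not isinstance(kind, str):
        raise ValueError("kind must be a string")
    sql = ("SELECT id, owner, kind FROM event_instance "
           "WHERE owner = ? AND kind = ?")
    return conn.execute(sql, (current_user, kind)).fetchall()


# Constructed injection payload: closes the string literal and appends an
# always-true condition. Because AND binds tighter than OR, the clause becomes
# (owner = 'alice' AND kind = 'x') OR '1'='1', which matches every row.
PAYLOAD = json.dumps({"kind": "x' OR '1'='1"})


def demo():
    """Run both handlers as user 'alice' with the payload; return (leaked, safe)."""
    conn = make_db()
    leaked = vulnerable_handler(conn, PAYLOAD, "alice")
    safe = fixed_handler(conn, PAYLOAD, "alice")
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable handler returned %d rows: %r" % (len(leaked), leaked))
    print("fixed handler returned %d rows: %r" % (len(safe), safe))
```

Run as alice, the vulnerable handler returns all three rows, including bob's, while the fixed handler treats the payload as a literal kind value and returns nothing. The isinstance check matters in the JSON case specifically: a client can send a number, list or object where a string is expected, and the driver should never see anything but the type the query was written for.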
LazyCSRF - A More Useful CSRF PoC Generator
LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation Burp Suite is an intercepting HTTP proxy, and it is the de facto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, this does not suppor...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Exploit
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com #!/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc...
Favicon by RealFaviconGenerator < 1.3.22 - Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged-in administrator. Timeline WPScanTeam: June 28th, 2021 - Details sent to vendor July 9th, 2021 - Escalat...
Mattermost: Specially crafted message request crashes the webapp for users who view the message
A specially crafted message request with a modified deletedat JSON parameter could crash the webapp for all users viewing the channel, or for anyone viewing a different channel if they switch to that channel afterward. This vulnerability could be exploited to prevent users from accessing a channe...
CVE-2021-24364
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability...
CVE-2021-24364 Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability...
CVE-2018-19558
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php...
Cross-site Scripting (XSS)
OpenTSDB is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the json parameter of the /q URL...
OpenTSDB Cross-Site Scripting Vulnerability
OpenTSDB is a set of open source, scalable distributed time series database. A cross-site scripting vulnerability exists in OpenTSDB version 2.3.0. A remote attacker can exploit this vulnerability by sending a 'json' parameter to the /q URI to inject arbitrary web script or HTML...
CVE-2018-7543
Cross-site scripting XSS vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter...
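Several entries above (OpenTSDB /q, the Duplicator installer's view.step4.php, the Jannah tiegetuserweather action) share one shape: a request parameter that carries JSON is written straight back into the HTML response, both as visible text and as a JavaScript literal. The following is an added example, not code from any of the listed projects, that shows a minimal handler with that bug, a hardened version, and the check an auditor runs against both. The parameter name json, the page layout and the config variable are illustrative assumptions.

```python
import html
import json
from urllib.parse import parse_qs, quote


def vulnerable_page(query_string):
    """Deliberately vulnerable: the raw json parameter is echoed into the page
    body and into a <script> block without any escaping."""
    params = parse_qs(query_string)
    raw = params.get("json", [""])[0]
    return (
        "<html><body>"
        "<p>Query: %s</p>"
        "<script>var config = %s;</script>"
        "</body></html>" % (raw, raw)
    )


def js_literal(value):
    """Serialise a parsed value for embedding in a <script> block.

    json.dumps (ensure_ascii=True) already escapes non-ASCII such as U+2028;
    additionally escaping '<' and '>' as \\u003c / \\u003e keeps the output
    valid JSON while guaranteeing it can never contain '</script'.
    """
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def hardened_page(query_string):
    """Hardened: parse first, reject anything that is not JSON, then escape
    for each output context separately (HTML text vs. JavaScript literal)."""
    params = parse_qs(query_string)
    raw = params.get("json", [""])[0]
    try:
        config = json.loads(raw)
    except ValueError:
        # Invalid input is reported, never echoed.
        return "<html><body><p>Invalid json parameter</p></body></html>"
    return (
        "<html><body>"
        "<p>Query: %s</p>"
        "<script>var config = %s;</script>"
        "</body></html>" % (html.escape(raw), js_literal(config))
    )


def contains_injected_script(page_html):
    """Auditor's check: the template emits exactly one <script> element, so any
    further occurrence of '<script' came from the request."""
    return page_html.count("<script") > 1


# Constructed payload: valid JSON whose string value closes the script element
# early and opens a new one. URL-encoded the way a browser would send it.
PAYLOAD = '{"q": "</script><script>alert(1)</script>"}'
PAYLOAD_QS = "json=" + quote(PAYLOAD)


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_page), ("hardened", hardened_page)):
        page = handler(PAYLOAD_QS)
        print("%s page injected: %s" % (name, contains_injected_script(page)))
        print(page)
```

The point of parsing before echoing is that the response then carries the attacker's data only in the two escaped forms, never the raw bytes; html.escape covers the text node and the \u003c rewrite covers the script block, and neither escaping is a substitute for the other.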