81 matches found
CVE-2025-30197
Jenkins Zoho QEngine Plugin 1.0.29.vfacc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...
CVE-2024-4661
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...
kernel: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
A vulnerability was discovered in the Intel wireless iwlwifi driver in the Linux kernel that could lead to a buffer overflow in the Driver Virtualization Module key handling code. When processing a received TKIP key that includes MIC rx/tx components, the driver did not adequately limit the amoun...
pimcore is vulnerable to cross-site scripting in Composite indices key field
Impact Pimcore is vulnerable to Cross site scripting vulnerability in classes module. Patches Update to version 10.5.20. Workarounds Apply the patch https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef.patch manually...
Klaviyo <= 3.0.10 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Klaviyo Settings, and at Klaviyo...
Stored Cross Site Scripting (XSS) via "properties" during creating new users
Description From demo url login click people icon at the left bar click "Customers" Click "New Customer" button from page Fill up the "Edit" tab Click "Save" button above Click "Properties" tab From "Add a custom Property" field , add "Test" on the first field Click and select "text" on the secon...
CVE-2022-31124 Possible leak of key's raw field if declared length is incorrect in openssh_key_parser
opensshkeyparser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...
CVE-2022-31124
OpenSSH key parser (openssh_key_parser) contains a vulnerability in which, prior to version 0.0.6, if a key field is shorter than declared, the error message includes the raw field value. An attacker who can modify the declared length of a key’s sensitive field can expose the raw value of that fi...
CVE-2022-30326
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface...
Design/Logic Flaw
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the classPKField parameter to CommerceChannelRelFinder.countByCC and CommerceChannelRelFinder.findByCC. An attacker can execute arbitrary SQL commands by injecting malicious SQL code. Remediation Upgrade...
Pimcore 跨站脚本漏洞
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. cross-site scripting vulnerabilities exist ...
CVE-2021-27722
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering...
Nsasoft SpotAuditor 安全漏洞
Nsasoft SpotAuditor is an advanced password recovery software from Nsasoft USA Inc. A denial-of-service vulnerability exists in Nsasoft US LLC SpotAuditor version 5.3.5, which is used to recover lost or forgotten passwords for over 40 popular Windows programs and tools. The vulnerability is cause...
CVE-2019-18223
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...
Nsasoft Product Key Explorer key field Denial of Service Vulnerability
Product Key Explorer is a program key display tool. A denial of service vulnerability exists in the Nsasoft Product Key Explorer key field. The vulnerability is due to improper handling of the length of the key field and can be exploited by an attacker to cause the program to crash...
CVE-2016-10953
The Headway theme before 3.8.9 for WordPress has XSS via the license key field...
CVE-2016-10953
The Headway theme before 3.8.9 for WordPress has XSS via the license key field...
PT-2019-7746 · Headway · Headway
Name of the Vulnerable Software and Affected Versions: Headway theme versions prior to 3.8.9 Description: The issue concerns a Cross-Site Scripting XSS flaw. This type of flaw occurs when an application includes user input in its output without proper validation or encoding, allowing an attacker ...
SpotIM 2.2 - Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: SpotIM 2.2 - 'Name/Key' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotimsetup.exe Version: 2.2 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...