41 matches found
CVE-2024-31178
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluidmsg module). This vulnerability is associated with program routine fluidmsg::of13::TableFeaturePropNextTables::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31172
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluidmsg module). This vulnerability is associated with program routine fluidmsg::of10::StatsReplyTable::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31168
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluidmsg module). This vulnerability is associated with program routine fluidmsg::EchoCommon::unpack. This issue affects libfluid: 0.1.0...
PT-2024-23814 · Open Networking Foundation · Libfluid
Name of the Vulnerable Software and Affected Versions: libfluid version 0.1.0. Description: The issue is an Out-of-bounds Read vulnerability in the Open Networking Foundation (ONF) libfluid, specifically in the libfluidmsg module. It is associated with the program routine fluid...
The vulnerability of the Message module in the Admidio membership and access control application allows a perpetrator to execute arbitrary code.
The vulnerability in the Message module of the Admidio membership and access control application is an unrestricted upload of dangerous file types. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2024-38529 Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
PT-2024-5487 · Admidio · Admidio
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 4.3.10. Description: A Remote Code Execution issue exists in the Message module of the Admidio Application. This is due to the lack of file extension verification, allowing malicious files to be uploaded to the server...
CVE-2024-37828
A stored cross-site scripting (XSS) vulnerability in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753; [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754; [CyVDB-2071] Viewing restrictions...
Cybozu Garoon Cross-Site Request Forgery Vulnerability
A cross-site request forgery vulnerability exists in Message in Cybozu Garoon, a portal-based OA system from Cybozu Japan. An attacker could use this vulnerability to trick users into performing unintended actions...
Cybozu Garoon Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Message in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...
File Inclusion Vulnerability in PHPSCUP
PHPSCUP is a system that aims for simplicity and ease of use, with a built-in business profile module, news module, product module, talent module, online message module and so on. PHPSCUP contains a file inclusion vulnerability that attackers can exploit to obtain control of the server...
XSS Vulnerability in the Short Message Module of the Qibo x1 Content Management System
Qibo X1 1.0 is a content management system developed by Qibo Software based on thinkphp5. An XSS vulnerability exists in the short message module of the Qibo X1 content management system, which can be exploited by an attacker to obtain user cookie information...
Cross site scripting
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the FTP Link element of the Private Message module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to injec...
Stored Cross-site Scripting Vulnerability in Aisook General Enterprise Website Builder System
The Aisook general enterprise website builder system (cicms) is an enterprise website management system developed with PHP and MySQL. A stored cross-site scripting vulnerability exists in the Aisook General Enterprise Website Builder System. The vulnerability is caused by the message function...
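Three SQL injections in the latest version of mcms, bundled together (arbitrary data can be extracted)
Brief description: Three SQL injections in the latest version of mcms, bundled together (arbitrary data can be extracted). Detailed description: I saw on wooyun that 掌易科技 (Zhangyi Technology) has finally stopped ignoring vulnerabilities, so I thought I would join in. I downloaded the latest version of mcms (v3.1.0.enterprise) to study it. Injection one: POST /app/message/?m=savemessage. The POST body carries parameters which, although they all pass through the XSS and SQL filters, are not filtered completely; let's look at how the injection works. Look at the code in /app/message/index.php: function msavemessage global $dbm,$C,$V; $POST=H::sqlxss$POST;...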
CVE-2013-4523
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message...
CVE-2004-1467
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in th...