62 matches found
Stripo Inc: Stored XSS at Module Name
Summary: Hello, I found stored XSS at module name with this payload "Hello : Steps To Reproduce: 1. Add new container, it doesn't matter which one it is 2. Paste this payload in the module name"Hello : 3. Update it, then check the module name again in settings 4. Alert Popup Stored XSS Stored cross-sit...
Malicious Package
axois is a malicious package. It takes advantage of a user's mistake in the module name at installation time; when executed, the code calls home to a command-and-control server to execute arbitrary commands...
CVE-2009-0367
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module...
CVE-2018-15891
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name...
ALPINE-CVE-2019-12816
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...
CVE-2019-12816
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...
UBUNTU-CVE-2019-12816
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...
DEBIAN-CVE-2019-12816
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...
Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607 and CVE-2014-9645)
Summary Security vulnerabilities have been discovered in busybox, which is used by IBM Security Network Protection. Vulnerability Details CVEID: CVE-2014-4607 DESCRIPTION: Oberhumer LZO could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the...
Design/Logic Flaw
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules - Manage modules - edit" action to the manager/ URI...
CVE-2018-11572
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules - Manage modules - edit" action to the manager/ URI...
CVE-2018-11572
ClipperCMS 1.3.3 has an XSS vulnerability in the Module name field accessed via Modules → Manage modules → edit (manager/ URI). The issue allows injection of arbitrary web script or HTML (remote exploitation). Root cause: improper sanitization of the module name input. Impact: potential script ex...
ClipperCMS Cross-Site Scripting Vulnerability (CNVD-2018-10866)
ClipperCMS is a content management system (CMS). A cross-site scripting vulnerability exists in the 'Module name' field under the 'Modules - Manage modules - edit' tag in ClipperCMS version 1.3.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
DEBIAN-CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
AZL-43047 CVE-2017-14867 affecting package git for versions less than 2.45.2-1
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
USN-2545-1 linux-lts-utopic vulnerabilities
A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. CVE-2013-7421 A flaw was...
sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution
sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands...