
10 matches found

CVE
added 2026/04/02 2:45 p.m. · 6 views

CVE-2026-34791

Endian Firewall versions 3.3.25 and earlier are affected by a command-injection flaw in /cgi-bin/logs_proxy.cgi through the DATE parameter. The value is used to build a file path that is then passed to a Perl open(), and incomplete regex validation enables authenticated users to execute arbitrary OS co...

CVSS 8.8 · AI score 6.1 · EPSS 0.01272
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2026/02/16 6:19 p.m. · 3 views

CVE-2019-25378

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...

CVSS 6.1 · AI score 5.9 · EPSS 0.00225
Exploits: 1 · References: 3
BDU FSTEC
added 2023/12/12 12:00 a.m. · 5 views

The vulnerability in the proxy.php script of the Collabora Online built-in document editing server allows attackers to perform cross-site scripting attacks.

The vulnerability of the proxy.php script in the built-in document editing server Collabora Online – CODE Server richdocumentcode is related to the lack of measures taken to protect the web page structure during error message processing. Exploiting this vulnerability allows a malicious actor to...

CVSS 7.5 · AI score 6 · EPSS 0.0041
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2023/12/04 12:00 a.m. · 3 views

PT-2023-7598 · Collabora +2 · Collabora Online - Built-In Code Server +2

Name of the Vulnerable Software and Affected Versions: Collabora Online - Built-in CODE Server versions prior to 23.5.601
Description: The issue is related to the proxy.php script in the Collabora Online - Built-in CODE Server, which fails to protect the web page structure when handling error...

CVSS 7.5 · AI score 6 · EPSS 0.0041
Exploits: 0 · References: 9
BDU FSTEC
added 2023/01/31 12:00 a.m. · 4 views

The vulnerability of Eclipse Jetty servlet containers arises from insufficient validation of input data, allowing attackers to cause failures in the proxy script.

The vulnerability of Eclipse Jetty servlet containers exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause failures in the proxy scenarios...

CVSS 4 · AI score 6.5 · EPSS 0.00931
Exploits: 0 · References: 6 · Affected Software: 3
CNNVD
added 2023/01/07 12:00 a.m. · 32 views

LMeve SQL injection vulnerability

LMeve is the industry manager and contribution tracker for EVE Online. A SQL injection vulnerability exists in roxlukas LMeve versions prior to 0.1.59-beta, which stems from an issue with the function insertlog in the file wwwroot/ccpwgl/proxy.php, where manipulation of the parameter fetch can le...

CVSS 9.8 · AI score 6.5 · EPSS 0.00667
Exploits: 0 · References: 5
CNNVD
added 2021/11/29 12:00 a.m. · 2 views

Youtube-Php-Mirroring cross-site scripting vulnerability

Youtube-Php-Mirroring is a Chinese-developed, PHP-based YouTube video proxy script. Youtube-Php-Mirroring has a cross-site scripting (XSS) vulnerability that originates in the file ytproxy/index.php. No detailed vulnerabili...

CVSS 6.1 · AI score 5.1 · EPSS 0.00641
Exploits: 1 · References: 2
BDU FSTEC
added 2021/06/23 12:00 a.m. · 3 views

The vulnerability of the index.php component in the PHP Proxy web proxy script allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the index.php component in the PHP Proxy web proxy script is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

CVSS 6.4 · AI score 6 · EPSS 0.00937
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2019/06/17 5:15 p.m. · 3 views

CVE-2017-9388

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which allows the device to proxy a specific...

CVSS 8.8 · AI score 5.9 · EPSS 0.0356
Exploits: 1 · References: 3
CentOS
added 2006/08/04 8:56 p.m. · 80 views

seamonkey security update

CentOS Errata and Security Advisory CESA-2006:0608 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web...

CVSS 7.5 · AI score 6.2 · EPSS 0.77265
Exploits: 11 · References: 9