
3009 matches found

Cvelist
added 2018/07/23 8:00 a.m. | 11 views

CVE-2018-14512

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server"...

AI score: 6 | EPSS: 0.00222
Exploits: 1 | References: 1
CVE
added 2018/07/23 8:00 a.m. | 34 views

CVE-2018-14512

The CVE-2018-14512 issue affects WUZHI CMS 4.1.0. A persistent XSS exists in the API endpoint captured as index.php?m=core&f=set&v=sendmail, triggered when the administrator accesses the system settings - mail server screen. The vulnerability is exploitable via the form[nickname] parameter, allo...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00222
Exploits: 1 | References: 1 | Affected Software: 1
0day.today
added 2018/07/21 12:00 a.m. | 47 views

Linux Driver National Instruments Remote Code Injection Vulnerability

Exploit for linux platform in category remote exploits. Hello, I've recently discovered a critical vulnerability in the National Instruments Linux driver package, which opens up a remote code injection software update vulnerability. Classification: CRITICAL / 0day - easily exploitable Impact:...

Exploits: 0
CNVD
added 2018/07/20 12:00 a.m. | 1 view

IBM Rational DOORS Next Generation and IBM Rational Requirements Composer Cross-Site Scripting Vulnerabilities

IBM Rational DOORS Next Generation (DNG) and Rational Requirements Composer (RRC) are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00237
Exploits: 0 | References: 1
Tenable Nessus
added 2018/07/20 12:00 a.m. | 40 views

FreeBSD : mutt -- remote code injection and path traversal vulnerability (a2f35081-8a02-11e8-8fa5-4437e6ad11c4)

Kevin J. McCarthy reports : Fixes a remote code injection vulnerability when 'subscribing' to an IMAP mailbox, either via $imapchecksubscribed, or via the function in the browser menu. Mutt was generating a 'mailboxes' command and sending that along to the muttrc parser. However, it was not...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.04101
Exploits: 0 | References: 14
FreeBSD
added 2018/07/15 12:00 a.m. | 34 views

mutt -- remote code injection and path traversal vulnerability

Kevin J. McCarthy reports: Fixes a remote code injection vulnerability when "subscribing" to an IMAP mailbox, either via $imapchecksubscribed, or via the function in the browser menu. Mutt was generating a "mailboxes" command and sending that along to the muttrc parser. However, it was not escapi...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.04101
Exploits: 0 | References: 1
CVE
added 2018/07/13 8:00 p.m. | 43 views

CVE-2016-9483

CVE-2016-9483 involves PHP FormMail Generator-generated PHP form code where phpfmg_filman_download() deserializes untrusted input, enabling a remote, unauthenticated attacker to inject PHP code. The description notes that, combined with CVE-2016-9484, this can lead to local file inclusion attacks...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.05189
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2018/07/13 12:00 a.m. | 2 views

InvoicePlane cross-site scripting vulnerability (CNVD-2018-13195)

InvoicePlane is an open source financial system. The system has features to manage quotes, invoices and payments. A cross-site scripting vulnerability exists in InvoicePlane version 1.5.10. A remote attacker can exploit this vulnerability by injecting malicious code into the application with the...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.0024
Exploits: 1 | References: 1
FreeBSD
added 2018/07/13 12:00 a.m. | 41 views

mantis -- multiple vulnerabilities

mantis reports: Teun Beijers reported a cross-site scripting XSS vulnerability in the Edit Filter page which allows execution of arbitrary code if CSP settings permit it when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Ömer Cıtak,...

AI score: 3.6
Exploits: 0 | References: 2
Cvelist
added 2018/07/11 12:00 a.m. | 23 views

CVE-2018-8284

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2,...

AI score: 7.4 | EPSS: 0.22075
Exploits: 0 | References: 3
CNVD
added 2018/07/03 12:00 a.m. | 1 view

SAP Business Objects Remote Code Injection Vulnerability

SAP Business Objects is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The program provides reporting, performance management, database and other functions. A remote code injection vulnerability exists in SAP Business Objects, version 4.0 4.1...

AI score: 8.4
Exploits: 0 | References: 1
CVE
added 2018/06/29 2:00 p.m. | 38 views

CVE-2018-13001

Sandoba CP:Shop v2016.1 contains a cross-site scripting (XSS) vulnerability in the cpshop/admin.php module. The CVE describes a non-persistent XSS that can be triggered via GET parameters (path, search, rename, or dir) and injected into client-side code. Connected sources corroborate the issue ac...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00223
Exploits: 3 | References: 1 | Affected Software: 1
CVE
added 2018/06/21 1:00 p.m. | 48 views

CVE-2017-13072

The CVE-2017-13072 entry describes a Cross-site scripting (XSS) vulnerability in QNAP QTS App Center affecting QTS 4.2.6 (build 20171208), 4.3.3 (build 20171213), 4.3.4 (build 20171223), and earlier versions. The underlying issue is an XSS flaw that could allow remote attackers to inject Javascri...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00272
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2018/06/19 12:00 a.m. | 1 view

Yii2-StateMachine extension for Yii2 cross-site scripting vulnerability (CNVD-2018-11842)

Yii2-StateMachine extension for Yii2 is a demo website system for demonstrating the Yii2 framework. A cross-site scripting vulnerability exists in the Yii2-StateMachine extension for Yii2 version 2.x.x. The vulnerability stems from the program failing to strictly filter the 'role' parameter. A...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0024
Exploits: 1 | References: 1
OSV
added 2018/06/13 10:29 p.m. | 5 views

CVE-2018-12040

Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 2
OSV
added 2018/06/13 9:29 p.m. | 2 views

CVE-2017-3907

Code Injection vulnerability in the ePolicy Orchestrator ePO extension in McAfee Threat Intelligence Exchange TIE Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00465
Exploits: 0 | References: 1
CNVD
added 2018/06/13 12:00 a.m. | 1 view

Bracket-template Cross-Site Scripting Vulnerability

bracket-template is a JavaScript template library for modern browsers. A cross-site scripting vulnerability exists in bracket-template. This vulnerability can be exploited by a remote attacker to inject malicious code via GET parameters...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00328
Exploits: 1 | References: 1
Prion
added 2018/05/22 8:29 p.m. | 16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php...

CVSS: 4.3 | AI score: 6 | EPSS: 0.475
Exploits: 1 | References: 4 | Affected Software: 1
CNVD
added 2018/05/22 12:00 a.m. | 1 view

SAP MaxDB ODBC Remote Code Injection Vulnerability

SAP MaxDB is a cross-platform, ANSI SQL-92-compatible relational database management system from SAP, Germany. The ODBC driver is one of its ODBC connection drivers. A security vulnerability exists in the SAP MaxDB ODBC driver prior to version 7.9.09.07. An attacker can exploit this...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.00492
Exploits: 0 | References: 1
CNVD
added 2018/05/16 12:00 a.m. | 2 views

Atlassian Jira issue collector cross-site scripting vulnerability

Atlassian JIRA is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of issues and defects in the workplace. Issue collector is one of its issue collectors. A cross-site scripting vulnerability exists in the error message of a...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.34063
Exploits: 0 | References: 1