9 matches found

RedhatCVE
added 2026/03/26 3:09 p.m. · 2 views

CVE-2026-33500

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

CVSS 6.1 · AI score 5.8 · EPSS 0.00229
Exploits 1 · References 1
Vulnrichment
added 2026/03/23 4:24 p.m. · 4 views

CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

CVSS 5.4 · AI score 5.8 · EPSS 0.00218
Exploits 1 · References 2
CVE
added 2026/03/23 4:24 p.m. · 10 views

CVE-2026-33500

WWBN AVideo (up to version 26.0) remains vulnerable to stored XSS via Markdown-constructed links because ParsedownSafeWithLinks does not override inlineLink() and inlineUrlTag(), allowing javascript: URLs to bypass sanitization. The incomplete fix means markdown links like [text](javascript:alert...

CVSS 5.4 · AI score 5.8 · EPSS 0.00218
Exploits 1 · References 2 · Affected Software 1
OSV
added 2026/03/20 8:56 p.m. · 4 views

GHSA-72H5-39R7-R26J AVideo - Incomplete Fix for CVE-2026-27568: Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

Summary The fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass: markdown link syntax text is processed by Parsedown's inlineLink method, which...

CVSS 5.4 · AI score 5.9 · EPSS 0.00218
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2004-2682

Malware in sbrugna...

CVSS 9.3 · AI score 6.4 · EPSS 0.04506
Exploits 1 · References 9
seebug.org
added 2014/07/01 12:00 a.m. · 38 views

STUNSHELL Web Shell Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

AI score 7.1
Exploits 0
Packet Storm
added 2013/03/29 12:00 a.m. · 28 views

STUNSHELL Web Shell Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'STUNSHELL Web Shell Remote Code...

AI score 0.4
Exploits 0
0day.today
added 2013/03/29 12:00 a.m. · 38 views

STUNSHELL Web Shell Remote Code Execution

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 'STUNSHELL Web Shell Remote Code Execution', 'Description' = %q This module exploits unauthenticated versions of the "STUNSHELL" web shell. This module works when safe mode is disabled on the web server. Thi...

AI score 7.1
Exploits 0
NVD
added 2004/12/31 5:00 a.m. · 10 views

CVE-2004-2692

The execdir PHP patch php-exec-dir 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the phpescapeshellcmd function...

CVSS 9.3 · AI score 7.7 · EPSS 0.04506
Exploits 1 · References 8