20 matches found
CVE-2026-24900
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...
CVE-2026-24900
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...
CVE-2026-1178
A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to SQL injection. The attack can be initiated remotely. The...
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
CVE-2017-15948
Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
Microweber Cross-Site Scripting Vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber version 1.3.1, which allows an...
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
PT-2022-13369 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: Microweber version 1.3.1. Description: The issue allows an unauthenticated user to perform an account takeover via a Cross-Site Scripting (XSS) attack on the select-file parameter. There is a patch available in the development branch, but it has...
SQLite Code Issue Vulnerability (CNVD-2020-22809)
SQLite is a C-based open source embedded relational database management system developed by D. Richard Hipp in the United States. The system is characterized by independence, isolation, cross-platform support and so on. In SQLite version 3.30.1, multiSelect in the select.c file has a co...
opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file()
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact...
OpenSC Buffer Overflow Vulnerability (CNVD-2019-07205)
OpenSC is an open source smart card tool and middleware. A buffer overflow vulnerability exists in the 'tcos_select_file' function in the libopensc/card-tcos.c file in versions of OpenSC prior to 0.19.0-rc1. An attacker can exploit this vulnerability to cause a denial of service (application crash)...
OpenSC Infinite Recursion Vulnerability
OpenSC is a set of software tools and libraries for smart cards, focusing on smart cards with cryptographic capabilities. An infinite recursion vulnerability exists in iasecc_select_file in libopensc/card-iasecc.c in OpenSC prior to 0.19.0-rc1 when processing responses from IAS-ECC cards. An attack...
Perch Content Management System Arbitrary File Upload Vulnerability
Perch Content Management System is a content management system for small websites. An arbitrary file upload vulnerability exists in Perch Content Management System version 3.0.3. The vulnerability can be exploited to upload arbitrary files to the web server system via the Asset Title and Select...
CVE-2017-15948
Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...
THC-SmartBrute - Finds undocumented and secret commands implemented in a smartcard
This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class (CLA), Instruction-Number (INS) and the parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible values of CLA and INS to find a valid combination. Furthermore...
Ease Audio Cutter 1.20 Local Crash
!/usr/bin/perl Ease Audio Cutter 1.20 .wav file Local Crash PoC By : zAx Application Homepage : http://mp3-cutter.com Application Download : http://mp3-cutter.com/download/audiocutter.exe Description : Click Select file button, select our file and click Play $crash = "\x42" x 15000; my $file =...
Ease Audio Cutter 1.20 (.wav file) Local Crash PoC
No description provided by source. !/usr/bin/perl Ease Audio Cutter 1.20 .wav file Local Crash PoC By : zAx Application Homepage : http://mp3-cutter.com Application Download : http://mp3-cutter.com/download/audiocutter.exe Description : Click Select file button, select our file and click Play...
Ease Audio Cutter 1.20 (.wav file) Local Crash PoC
Exploit for unknown platform in category dos / poc ================================================== Ease Audio Cutter 1.20 .wav file Local Crash PoC ================================================== !/usr/bin/perl Ease Audio Cutter 1.20 .wav file Local Crash PoC By : zAx Application Homepage :...
Ease Audio Cutter 1.20 - '.wav' Local Crash (PoC)
!/usr/bin/perl Ease Audio Cutter 1.20 .wav file Local Crash PoC By : zAx Application Homepage : http://mp3-cutter.com Application Download : http://mp3-cutter.com/download/audiocutter.exe Description : Click Select file button, select our file and click Play $crash = "\x42" x 15000; my $file =...