58 matches found
CVE-2022-35630
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2...
Malicious code in sample-static-html-composites (npm)
Source: ghsa-malware (b7976ec211f155da2f9a4d674dd894fd81126d3215e41c4edfc21f9bee7174e3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2017-5664
A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Mitigation: If it is necessary to have the DefaultServlet propert...
book-cli (=1.2.0) potentially affected by CVE-2017-16152 via static-html-server (=0.1.2)
static-html-server NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on static-html-server and may be impacted: book-cli =1.2.0. Source CVEs: CVE-2017-16152. Source advisory: OSV:GHSA-9J5M-873F-XH76...
Directory Traversal in static-html-server
Affected versions of static-html-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
static-html-server is vulnerable to directory traversal attacks. These attacks are possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...
static-html-server directory traversal vulnerability
static-html-server is a static file server. A directory traversal vulnerability exists in static-html-server. An attacker can exploit this vulnerability by placing a '../' sequence in a URL to gain access to the file system...
CVE-2017-16152
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
Directory traversal
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16152
CVE-2017-16152 affects the static-html-server static file server. The connected documents describe a directory traversal vulnerability triggered by URL paths containing ../, which can allow an attacker to access files outside the intended directory root and disclose private files. PoC examples ar...
UBUNTU-CVE-2017-5453
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox 53...
Webutler CMS 3.2 Cross Site Request Forgery
Exploit Title: Webutler CMS Cross-Site Request Forgery Date: 18 April 2016 Exploit Author: Keerati T. Post Vendor Homepage: http://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Version: 3.2 Tested on: Linux 1. Description The Webutler is a simple online page editor for...
Webutler CMS 3.2 - Cross-Site Request Forgery
Webutler CMS 3.2 - Cross-Site Request Forgery Dear OffSec, Here is the vulnerability detail as I submitted Exploit Title: Webutler CMS Cross-Site Request Forgery Date: 18 April 2016 Exploit Author: Keerati T. Post Vendor Homepage: http://webutler.de/en Software Link:...
BBSGood Forum moprepost.asp HTTP_X_FORWARDED_FOR variable injection vulnerability
BBSGOOD is the first domestic forum to use caching technology; BBSGOOD posts, lists and the home page can be generated as static HTML files. In the file moprepost.asp: if Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then ipdress=Request.ServerVariables("REMOTE_ADDR") else ipdress=Request...
BBSGood Forum indexlabel.asp and labelsave.asp pages have SQL injection vulnerabilities
BBSGOOD is the first domestic forum to use caching technology; BBSGOOD posts, lists and the home page can be generated as static HTML files. Vulnerability analysis: In the file indexlabel.asp: sql="select top 1 Admin,UserName,Password from BBSGoodAdmin where UserName='"&Request.Cookies(bbsinfo&"adminuser")&"' "...
BBSGood Forum multi-page SQL injection vulnerability
BBSGOOD is the first domestic forum to use caching technology; BBSGOOD posts, lists and the home page can be generated as static HTML files. 1. In the file DelShortInFo.asp: selectid=trimRequestCStringSafeRequest"selectid" //the 1 Line 1 If selectid<>"" then selectid = replace(selectid, ", ", " or ID=") selectid="Where...
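phpArticle 2.06 local file inclusion vulnerability
phpArticle is a news publishing system. I have been learning PHP for a while recently, and while looking for code online to study, I took a look at it and found that phpArticle version 2.06 has a local file inclusion vulnerability. Because I could not find the latest phpArticle3 to download, I did not test it. (I just searched again, and the latest version that can be downloaded online, 2.1, also has this vulnerability.) The vulnerability is in the file countbbs.php. The code does not check the submitted sys variable and directly includes it as a file under the admin/loadsystem/ directory, so we can submit a sys variable we construct ourselves to make countbbs.php include the file we want to include, but because the variable...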
Hot Links SQL 3.x XSS vuln.
Hot Links SQL 3.x XSS vuln. Vuln. discovered by: r0t Date: 5 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/hot-links-sql-3x-xss-vuln.html vendor: http://www.mrcgiguy.com/hlsqldetails.shtml affected version: 3.1.x and prior Product Description: Directory style index allows for easy...