101 matches found
CVE-2019-11376
SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own...
Code injection
DISPUTED: SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own."...
PT-2019-12267 · Soy · Soy Cms
Name of the Vulnerable Software and Affected Versions: SOY CMS version 3.0.2. Description: The issue allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. It is based on an assumption that the content is made editable on its own. Recommendations: For SO...
DiliCMS Cross-Site Scripting Vulnerability (CNVD-2019-07939)
DiliCMS is a content management system (CMS) based on CodeIgniter. A cross-site scripting vulnerability exists in the site URL text box in DiliCMS version 2.4.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
SEMCMS cross-site scripting vulnerability (CNVD-2019-05836)
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, Google, 360 and other mainstream browsers. SEMCMS 3.5 has a cross-site scripting vulnerability; attackers can use the vulnerability through the...
May 17, 2018—KB4103722 (OS Build 15063.1112)
May 17, 2018—KB4103722 OS Build 15063.1112 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses additional issues with updated time zone information. Addresses an issue that causes...
CVE-2018-9967
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-9968
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Joomla Sports Predictions 2.1.0.4 Component - Cross-site scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla Component Sports Predictions 2.1.0.4 - Cross-site scripting Date: 2017-02-11 Home : https://extensions.joomla.org/extensions/extension/sports-a-games/tips-a-betts/sports-predictions/ Exploit Author: Persian Hack Team...
Mozilla: Dragging and dropping images exposes final URL after redirects (MFSA 2015-110)
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element...
SysExporter - Grab data from list-view, tree-view, combo box, WebBrowser control, and text-box
SysExporter utility allows you to grab the data stored in standard list-views, tree-views, list boxes, combo boxes, text-boxes, and WebBrowser/HTML controls from almost any application running on your system, and export it to text, HTML or XML file. Here's some examples for data that you can expo...
Wireshark 1.10.7 - DoS PoC
No description provided by source. #!/usr/bin/python Exploit Title: Wireshark Read Access Violation near NULL starting at libcairo2!cairo_image_surface_get_data; Date: May 15th 2014; Author: Osanda Malith Jayathissa; E-Mail: osandajayathissaatgmail.com; Version: 1.10.7 32-bit and 64-bit; Vendor Homepage:...
SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8286)
LibreOffice was updated to SUSE 3.5 bugfix release 13 based on upstream 3.5.6-rc2, which fixes a lot of bugs. The following bugs have been fixed: polygon fill rule (bnc759172); open XML in Writer (bnc777181); undo in text objects (fdo36138); broken numbering level (bnc760019); better MathML...
CVE-2007-3678
Stack-based buffer overflow in the MSWord text-import extension Word 6-2000 Filter.xnt in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name...
With ASP Trojan FTP and decompression-vulnerability warning-the black bar safety net
In broilers placed on the website, the most troublesome is probably the update and upload a lot of files, Terminal Services broad daylight easy to be found, open your own ftp and not assured. Your own online in a circle is found by combining the non-component upload asp Trojan can be easily achieve...
security flaw
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...