450 matches found
EUVD-2021-34749
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
PT-2026-4931
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell exec to run system commands by sending...
CVE-2021-31794
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...
CVE-2016-10964
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...
CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption...
CVE-2019-16197
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...
CVE-2019-12198
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
PT-2025-52838
Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.7 Description The software contains a persistent cross-site scripting issue that permits unauthorized users to inject malicious JavaScript into private messages. An attacker can send messages containing script payloads with...
PT-2025-48198
Name of the Vulnerable Software and Affected Versions Ray versions prior to 2.52.0 Description Ray, an AI compute engine, is affected by a critical Remote Code Execution RCE issue. The problem stems from insufficient protection against browser-based attacks. The current defense relies on the...
Cross-site Scripting (XSS)
s-cart/core and gp247/core are vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the User-Agent header in the Admin Log Viewer, which allows an attacker to inject malicious scripts that execute in an administrator’s browser when viewing the security log...
EUVD-2014-8178
Malware in sbrugna...
EUVD-2019-0756
Malware in sbrugna...
EUVD-2008-7207
Malware in sbrugna...
EUVD-2007-6477
Malware in sbrugna...