60 matches found
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions (FAQ) system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the email field in the phpMyFAQ User Control Panel page being vulnerable to a stored cross-site scripti...
CVE-2023-28467
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...
MyBB Cross-Site Scripting Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, is scalable, and offers other features. A security vulnerability exists in MyBB versions prior to 1.8.34, which stems from a cross-site scripting...
PT-2023-21737 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.34. Description: The issue concerns a cross-site scripting (XSS) flaw in the User CP module, specifically via the user email field. This allows for potential malicious script execution. Recommendations: For versions...
MyBB UserCP Cross-Site Scripting Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB UserCP. This vulnerability allows attackers to...
CVE-2019-19551
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...
Cross site scripting
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...
FUDForum 3.0.9 - Remote Code Execution
Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...
FUDForum 3.0.9 - Remote Code Execution
FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...
FUDForum 3.0.9 Code Execution / Cross Site Scripting
// Exploit Title : FUDForum 3.0.9 - Stored XSS / Remote Code Execution // Date : 10/26/19 // Exploit Author : liquidsky JMcPeters // Vulnerable Software : FUDForum 3.0.9 // Vendor Homepage : https://sourceforge.net/projects/fudforum/ // Version : 3.0.9 // Software Link :...
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities. The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more...
Nicolas Gudino Flash Operator Panel callforward module command injection vulnerability
Nicolas Gudino (a.k.a. Asternic) Flash Operator Panel (FOP) is a suite of phone system monitoring software. User Control Panel (UCP) is one of the user control panels. The callforward module is one of the callforward modules. A command injection vulnerability exists in the callforward module of the UCP in...
Flash Operator Panel 2.31.03 - Command Execution
Flash Operator Panel 2.31.03 - Command Execution. Document Title: Flash Operator Panel v2.31.03 - Command Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1907 Release Date: 2018-01-08 Vulnerability...
CVE-2018-5694
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter...
Command injection
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter...
CVE-2018-5694
The CVE-2018-5694 entry corresponds to a command injection vulnerability in the callforward module of the User Control Panel (UCP) within Nicolas Gudino’s Flash Operator Panel (FOP) version 2.31.03. A remote authenticated user can exploit the vulnerability by supplying a crafted value to the comm...
CVE-2017-8899
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...
CVE-2016-9406
Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities
Document Title: Flash Operator Panel 2.31.03 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1906 Release Date: 2016-10-21 Vulnerability Laboratory ID (VL-ID): ...