EUVD-2019-3644

Malware in sbrugna...

EUVD-2022-35516

Malicious code in bioql PyPI...

EUVD-2022-35514

Malicious code in bioql PyPI...

CVE-2022-32444

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php...

CVE-2024-2655

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated...

WordPress Plugin Livemesh Addons for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

Design/Logic Flaw

The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mkcheckfilemanagerphpsyntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server...

PT-2024-15110 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.4 Description: The issue allows authenticated attackers, with subscriber access and above, to execute code on the server via the mk check filemanager php syntax AJAX...

Tenable Nessus Agent 8.3.3 <= 8.3.4 Multiple Vulnerabilities (TNS-2023-13)

Tenable Nessus Agent is prone to multiple vulnerabilities in OpenSSL. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-32442

u5cms version 8.3.5 is vulnerable to Cross Site Scripting XSS. When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause html injection...

CVE-2022-32444

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php...

CVE-2022-32444

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php...

Cross site scripting

u5cms version 8.3.5 is vulnerable to Cross Site Scripting XSS. When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause html injection...

CVE-2022-32442

CVE-2022-32442 affects u5cms 8.3.5. The issue is a stored/reflected XSS on the default home page caused by insufficient input validation of a URL parameter (example: Onmouseover=%27tzgl (96502)%27bad=). Documents confirm HTML injection risk; no explicit exploit details or remediation are provided...

CVE-2022-32444

CVE-2022-32444 affects u5cms version 8.3.5 and is a URL redirection/open redirect vulnerability. The vulnerability occurs via /loginsave.php, allowing an attacker to redirect a user’s browser to a malicious site. The connected Nuclei template confirms the affected software/component and describes...

u5cms 跨站脚本漏洞

u5cms is u5cms open source a medium-sized web content management system . u5cms 8.3.5 version of a security vulnerability , the vulnerability stems from the default home page does not check the user input parameters are legitimate , an attacker can use this vulnerability to malicious script...

PT-2020-5496 · Packwood · Mpxj

Name of the Vulnerable Software and Affected Versions: Packwood MPXJ versions prior to 8.3.5 Description: The issue exists due to incorrect restriction of the directory path name in the common/InputStreamHelper.java library of MPXJ, allowing a remote attacker to write files to arbitrary locations...

Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32472)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A buffer error vulnerability exists in...

CVE-2019-10991

In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution...

CVE-2019-10989

In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-1099...