
37 matches found

Prion
added 2021/09/27 4:15 p.m. · 15 views

Cross site scripting

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...

CVSS 4.3 · AI score 5.6 · EPSS 0.00882
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2021/09/27 3:44 p.m. · 18 views

CVE-2021-40714 Adobe Experience Manager Reflected Cross Site Scripting via accesskey parameter

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...

CVSS 6.1 · AI score 5.8 · EPSS 0.00882
Exploits: 0 · References: 1
Packet Storm
added 2020/10/29 12:0 a.m. · 474 views

Mailman 2.1.23 Cross Site Scripting

Title: Mailman 1.x 2.1.23 - Cross Site Scripting XSS Type: Reflected XSS Software: Mailman Version: =1.x = 2.1.23 Vendor Homepage: https://www.list.org Original link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5950 POC Author: Valerio Alessandroni Date: 28/10/2020 Description:...

CVSS 4.3 · AI score 6.7 · EPSS 0.01715
Exploits: 3
Cvelist
added 2020/02/03 8:5 p.m. · 12 views

CVE-2020-8591

eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request...

AI score 9.6 · EPSS 0.00137
Exploits: 1 · References: 1
Prion
added 2018/09/21 3:29 p.m. · 17 views

Stack overflow

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can...

CVSS 7.2 · AI score 7.3 · EPSS 0.00142
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2018/09/21 3:0 p.m. · 54 views

CVE-2018-3913

Samsung SmartThings Hub STH-ETH-250 (Firmware 0.20.17) is affected by a stack-based buffer overflow in the video-core HTTP server’s shard data retrieval. The vulnerability arises from unconstrained strcpy copy operations when reading fields from the shard table (secretKey, accessKey, sessionToken...

CVSS 7.5 · AI score 7.3 · EPSS 0.00142
Exploits: 2 · References: 1 · Affected Software: 1
OSV
added 2018/09/21 2:29 p.m. · 3 views

CVE-2018-3874

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...

CVSS 9.9 · AI score 6.1
Exploits: 0 · References: 1
Prion
added 2018/09/21 2:29 p.m. · 14 views

Buffer overflow

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...

CVSS 9 · AI score 9.6 · EPSS 0.00381
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2018/09/21 2:0 p.m. · 13 views

CVE-2018-3874

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...

CVSS 9.9 · AI score 9.7 · EPSS 0.00381
Exploits: 2 · References: 1
Positive Technologies
added 2018/09/21 12:0 a.m. · 2 views

PT-2018-16305 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A stack-based buffer overflow issue exists in the video-core HTTP server due to the retrieval of database fields. Specifically, the strcpy call overflows a destination buffer of...

CVSS 7.5 · AI score 7.1 · EPSS 0.00142
Exploits: 2 · References: 2
0day.today
added 2017/12/21 12:0 a.m. · 22 views

WordPress WebConnex Form Management 1.6.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable WebConnex Form Management 1.6.3 WebConnex Form Management is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...

AI score 7.1
Exploits: 0
seebug.org
added 2015/04/13 12:0 a.m. · 128 views

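EduSoho latest version: accessKey and secretKey leaked in two places

Brief description: Allows rebinding on the official site, sending cloud SMS messages, and downloading and installing applications. Detailed description: The problem lies in the installation file /start-install.php false, ; $twig-addGlobal'edushoversion', \Topxia\System::VERSION; $step =intvalempty$GET'step' ? 0 : $GET'step'; $functionName = 'installstep' . $step; $functionName; use Topxia\Service\Common\ServiceKernel; use...

AI score 7.1
Exploits: 0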
Tenable Nessus
added 2012/01/09 12:0 a.m. · 30 views

Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2)

USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longs...

CVSS 10 · AI score 8.6 · EPSS 0.75876
Exploits: 11 · References: 6
Ubuntu
added 2012/01/06 7:34 p.m. · 59 views

USN-1306-1: Firefox vulnerabilities

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the...

CVSS 10 · AI score 8.8 · EPSS 0.75876
Exploits: 11 · References: 1
Cvelist
added 2011/12/21 2:0 a.m. · 26 views

CVE-2011-3663

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page...

AI score 9.3 · EPSS 0.00961
Exploits: 1 · References: 14
CVE
added 2011/12/21 2:0 a.m. · 117 views

CVE-2011-3663

CVE-2011-3663 affects Mozilla Firefox 4.x–8.0, Thunderbird 5.0–8.0, and SeaMonkey before 2.6. It allows remote attackers to capture keystrokes entered on a web page via SVG animation accessKey events, even when JavaScript is disabled. The description in the provided documents states the affected ...

CVSS 4.3 · AI score 9.1 · EPSS 0.00961
Exploits: 1 · References: 14 · Affected Software: 1
Tenable Nessus
added 2011/12/21 12:0 a.m. · 20 views

Mozilla Firefox < 9.0 Multiple Vulnerabilities

Binary data 6109.prm...

CVSS 10 · AI score 9.8 · EPSS 0.75876
Exploits: 11 · References: 13