Comparing instead of Assigning

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Comparing instead of Assigning via improper input validation in the validateFormFieldEmail function. An attacker can achieve root-level command execution by injecting shell...

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27644)

IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, an...

EUVD-2025-36514

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...

CVE-2025-34318

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...

CVE-2025-34318

IPFire

PT-2025-40525

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19 Description A stored Cross-Site Scripting XSS issue has been identified. The vulnerability is located in the email template configuration component at the /admin/setting.php?action=mail API endpoint. This allows...

CVE-2023-44171

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminsmtp.php...

PT-2023-29142 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: The issue is related to an arbitrary file write vulnerability. It affects the component admin smtp.php. Recommendations: For SeaCMS version 12.9, consider disabling access to the admin smtp.php component until...

CVE-2020-10982

Gambio GX before 4.0.1.0 allows SQL Injection in admin/gvmail.php...

WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the variable itemid appears to send unsanitized data back to the users browser. Vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution Update the plugin...

VietNext cms multiple defects and repair-vulnerability warning-the black bar safety net

Exploit Title:Multiple Vulnerabilities + Date: 2 0 1 1 + script:VietNext cms + Software: http://vietnextco.com & amp; http://vietnext.vn + Author : pentesters. ir + Website : WwW.PenTesters.IR + dorks :"Developed & Design By VietNext" and "Design by VietNext"...

VietNext CMS Multiple Vulnerabilities

Exploit for php platform in category web applications + Exploit Title:Multiple Vulnerabilities + Date: 2011 + script:VietNext cms + Software: http://vietnextco.com & http://vietnext.vn + Author : pentesters.ir + Website : WwW.PenTesters.IR + dorks :"Developed & Design By VietNext" and "Design by...

Evilsentinel &lt;= 1.0.9 (multiple vulnerabilities) Disable Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo ' Evilsentinel = 1.0.9 Disable Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love '; if $argc3 echo "Usage: php ".$argv0." Host Path newma...