65 matches found
EUVD-2015-5465
Malware in sbrugna...
EUVD-2021-23452
Malware in sbrugna...
EUVD-2012-1751
Malware in sbrugna...
EUVD-2008-0830
Malware in sbrugna...
EUVD-2015-4408
Malware in sbrugna...
CVE-2015-7306
The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission...
Fighting Cock Information System SQL Injection Vulnerability
Fighting Cock Information System is a chicken information system by individual developer chrisjelo. code-projects Fighting Cock Information System version 1.0 has a SQL injection vulnerability in the file admin/pages/tables/addcon.php...
Tuleap Cross-Site Scripting Vulnerability
Tuleap is an application lifecycle management system that facilitates agile software development, design projects, V-models, requirements management and IT service management. A cross-site scripting vulnerability exists in versions prior to Tuleap 13.9.99.111, which stems from a failure to properl...
WordPress Social Share Buttons by Supsystic plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons by Supsystic plugin versions prior to 2.2.4 are vulnerable to cross-si...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the comliferaysitemysiteswebportletMySitesPortletcomments parameter in membership request administration pages. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an attacker...
Kallithea cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description...
GHSA-FH5C-7GMG-XMP6 Kallithea cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description...
CVE-2021-36876 WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin versions <= 2.0.5, as it lacks CSRF checks on plugin administration pages...
CVE-2019-18661
Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain checkpwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console...
Super Login - Moderately critical - Cross site scripting - SA-CONTRIB-2019-062
This module improves the Drupal login page with new features and layout. The module doesn't sufficiently filter input text in the administration pages' text configuration inputs, for example the login text field. The vulnerability is mitigated by the fact it can only be exploited by a user wi...
Mosaik - Moderately critical - Cross-site scripting - SA-CONTRIB-2017-080
The Mosaik module enables you to create pages or complex blocks in Drupal with the logic of a real mosaic and its pieces. The module doesn't sufficiently sanitize the titles of fieldsets on its administration pages or the titles of blocks that it creates. This vulnerability is mitigated by the fa...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description...
CVE-2015-1864
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description...
CVE-2015-1864
Kallithea (before 0.2.1) is vulnerable to multiple XSS in the administration pages via the first/last name user details and repository/repository group/user group descriptions. Affected component: admin pages; root cause: unsanitized input in multiple fields. Impact: potential injection of arbitr...
EMC ViPR SRM Cross-Site Request Forgery Vulnerability (NVD-C-2016-22474)
EMC ViPR SRM is storage resource management software. A cross-site request forgery vulnerability exists in multiple administration pages of EMC ViPR SRM, which can be exploited by an attacker to execute unauthorized requests as an administrator...