3 matches found
PT-2025-50102
Name of the Vulnerable Software and Affected Versions Mercury MR816v2 version 4.8.7 Build 110427 Rel 36550n Description A stored Cross Site Scripting XSS flaw exists in the Mercury MR816v2 router. A remote attacker on the Local Area Network LAN can inject JavaScript into the router’s management...
CVE-2021-25876
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...
Magic Winmail Server 4.0 (Build 1112) - 'upload.php' Traversal Arbitrary File Upload
source: https://www.securityfocus.com/bid/12388/info Magic Winmail Server is reportedly affected by multiple vulnerabilities. There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads. There is also a HTML injection...