
45 matches found

OSV
added 2026/03/02 6:48 p.m. | 3 views

GHSA-54P8-X2M9-C593 malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability

Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources. This report is an aggregate of these individual reports for the affected code: Advisory | Affected File -- | -- GHSA-jjgh-mc5q-gch7 | pkg/action/scan.go GHSA-mwmf-fxh2-w4x7 |...

CVSS 5.3 | AI score 6
Exploits 0 | References 6

RedhatCVE
added 2026/02/14 7:22 p.m. | 6 views

CVE-2026-21878

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...

CVSS 7.5 | AI score 5.7 | EPSS 0.00356
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-7182

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01033
Exploits 1 | References 5

RedhatCVE
added 2025/04/12 7:20 p.m. | 23 views

CVE-2025-32700

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php,...

CVSS 2.3 | AI score 6.8 | EPSS 0.00322
Exploits 0 | References 1

Positive Technologies
added 2025/04/03 12:0 a.m. | 2 views

PT-2025-14785 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: OpenEMR version 7.0.2 Description: The issue is related to SQL Injection. It affects files such as openemrlibraryclassesPharmacy.class.php, controllersC Pharmacy.class.php, and openemrcontroller.php. Recommendations: For OpenEMR version 7.0.2...

CVSS 9.8 | AI score 8.2 | EPSS 0.04578
Exploits 1 | References 7

Code423n4
added 2023/12/12 12:0 a.m. | 66 views

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488 https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

AI score 6.9
Exploits 0

Positive Technologies
added 2023/06/25 12:0 a.m. | 2 views

PT-2023-25668 · Inex · Ixpmanager

Name of the Vulnerable Software and Affected Versions: INEX IXP-Manager versions prior to 6.3.1 Description: The issue allows for XSS attacks. The following files may be affected: list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, overview.foil.php, cust.foil.php, and...

CVSS 6.1 | AI score 6.1 | EPSS 0.00348
Exploits 0 | References 5

WPVulnDB
added 2021/12/20 12:0 a.m. | 19 views

SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed PoC Put the following payload in one of the plugin's settings: " Affected files:...

CVSS 4.8 | AI score 2.7 | EPSS 0.00605
Exploits 2 | Affected Software 1

wpexploit
added 2021/12/20 12:0 a.m. | 102 views

SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed Put the following payload in one of the plugin's settings: "alert'XSS'; Affected files:...

CVSS 4.8 | AI score 0.3 | EPSS 0.00605
Exploits 2

Positive Technologies
added 2021/08/10 12:0 a.m. | 4 views

PT-2021-6722 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.12 Description: The issue is related to multiple Cross Site Scripting XSS vulnerabilities in several components of the Cacti network monitoring tool, including reports admin.php, data queries.php, data input.php, graph...

CVSS 9.8 | AI score 6.8 | EPSS 0.99826
Exploits 79 | References 71

Positive Technologies
added 2014/07/11 12:0 a.m. | 1 views

PT-2014-5658 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3 Description: The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to different PHP files, including index.php, user/index.php, user/logout.php, user/fiche.php, and...

CVSS 4.3 | AI score 6.5 | EPSS 0.02689
Exploits 1 | References 3

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)

No description provided by source. / Exploit Title: Microsoft Windows Contacts DLL Hijacking Exploit wab32res.dll Date: August 25, 2010 Author: storm [email protected] Tested on: Windows Vista SP2 http://www.gonullyourself.org/ gcc -shared -o wab32res.dll Contacts-DLL.c .contact, .group,...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusion Vulnerabilities

No description provided by source. Exploit Title: ViArt Shop Evaluation v4.1 Multiple Remote File Inclusion Vulnerability Date: 26/9/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.viart.com/ Software Link:...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

ZeusCMS <= 0.3 - Remote Blind SQL Injection Exploit

No description provided by source. ? / ------------------------------------------------- ZeusCMS = 0.3 Remote Blind SQL Injection Exploit ------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.zeuscms.gr/ details..: works with...

AI score 7.1
Exploits 0

Packet Storm
added 2013/08/15 12:0 a.m. | 25 views

OpenX 2.8.10 Cross Site Scripting / SQL Injection

Exploit Title: OpenX 2.8.10 - Multiples Vulnerabilites Product: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Official site: http://www.openx.com Risk Level: High Exploit Author: Esac Last Checked: 12/08/2013 +----------+ | OVERVIEW | +----------+ OpenX Source is...

AI score 0.5
Exploits 0

0day.today
added 2010/03/10 12:0 a.m. | 12 views

GLibrary v3.0 Multiple Remote vulnerabilities

Exploit for unknown platform in category web applications ============================================= GLibrary v3.0 Multiple Remote vulnerabilities ============================================= +-------------------------------------+ + Title : GLibrary v3.0 Multiple Remote vulnerabilities +...

AI score 7.1
Exploits 0

seebug.org
added 2009/12/27 12:0 a.m. | 59 views

Info Fisier 1.0 multiple Vulnerabilities

No description provided by source. + Author : kaozc9 + Email : [email protected] + Site : www.paradisextem.co.cc + Team : ParadisexTeam + Dork : Powered by Info Fisier. =========================================XSS================================================== Affected Files:...

AI score 7.1
Exploits 0

0day.today
added 2008/07/13 12:0 a.m. | 21 views

ITechBids 7.0 Gold (XSS/SQL) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================ ITechBids 7.0 Gold XSS/SQL Multiple Remote Vulnerabilities ============================================================ ITechBids 7.0 Gold Multiple Remote Vulnerabilities Website...

AI score 7.1
Exploits 0

OSV
added 2008/06/16 9:41 p.m. | 5 views

CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzipvim, and (5) netrw. NOTE: the...

AI score 7.3
Exploits 0 | References 45

securityvulns
added 2007/12/06 12:0 a.m. | 42 views

Aria-Security.Net: PenPals Login and search page SQL Injection

--------------------------- Aria-Security Team http://Aria-Security.Net ---------------------------- Original Advisory @ http://aria-security.net/forum/showthread.php?p=1148 Shout outs to : AurA TLOTD http://ankoor.com/ vendor Dork:Powered By Anblik Affected fileS: search.asp login.asp 'group by...

AI score 0.5
Exploits 0