7 matches found
CVE-2023-45952
An arbitrary file upload vulnerability in the component ajaxlink.php of lylmespage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file...
LyLme Spage Injection Vulnerability
LyLme Spage (Six Zero navigation page) is an open source navigation page from Six Zero (LyLme) of China. It is dedicated to being a simple and efficient advertising-free Internet navigation and search portal, with support for background links, custom search engines, and accumulation of the most valuable links, no commercial...
Vimeo: All Vimeo Private videos disclosure via Authorization Bypass
Hello, There is a vulnerability in https://vimeo.com/VIDEOID?action=share that makes all Vimeo private videos available to anybody. POC link : http://opnsec.com/vimeo/vl/videoLeak.php?video=VIDEOID POC requirements : - No need to be logged in Vimeo - Because of sensitivity of this, I put a passwo...
Fedora 23 : drupal6-ctools-1.14-1.fc23 (2015-14329)
See Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141. This is an incremental security and bugfix release for ctools. Looking to fix future D6 CTools issues? Find japerry or merlinofchaos in drupal-scotch, drupal-contribute, or drupal-panels -- and become a maintainer for D6...
CVE-2012-3373
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app...
CVE-2012-3373
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app...