1440 matches found
Code injection
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file...
IBM CICS TX Standard and Advanced Operating System Command Injection Vulnerability
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard and Advanced is vulnerable to operating system command injection, which can be exploited by...
CVE-2022-33009
A stored cross-site scripting XSS vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...
CVE-2022-33122
A stored cross-site scripting XSS vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2021-41432
A stored cross-site scripting XSS vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content...
Cross site scripting
A stored cross-site scripting XSS vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content...
CVE-2022-32262
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution...
Cross site scripting in Jfinal
A cross-site scripting XSS vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...
CVE-2022-29648
A cross-site scripting XSS vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...
EC-CUBE Cross-site scripting vulnerability
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...
CVE-2022-28618
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following...
CVE-2022-28618
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following...
UBUNTU-CVE-2022-1729
A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2021-26630
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function...
Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...