EUVD-2026-18262

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

CVE-2026-34790

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

PT-2026-29750

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

EUVD-2007-5405

Malware in sbrugna...

PT-2023-12416 · Unknown · Th3-822 Rapidleech

Name of the Vulnerable Software and Affected Versions: Th3-822 Rapidleech affected versions not specified Description: A problematic vulnerability has been found in Th3-822 Rapidleech, affecting the function zip go of the file classes/options/zip.php. The manipulation of the argument archive lead...

PrestaShop SQL注入漏洞

Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides multiple payment methods, short message alerts, and product image zoom and other features. A SQL injection vulnerability exists in SmartDataSoft SmartBlog for PrestaShop versions prior...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter...

CVE-2007-5429

Cross-site scripting XSS vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter...

CVE-2007-5429

Cross-site scripting XSS vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter...

Vulnerability in Nucleus

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в Nucleus. XSS: Уязвимость на странице index.php в параметре archive. http://site/index.php?blogid=1&archive=2007-01-013Cscript3Ealertdocument.cookie3C/script3E Дополнительная информация о данной уязвимости у меня н...

[SA19289] CuteNews "archive" Disclosure of Sensitive Information Vulnerability

TITLE: CuteNews "archive" Disclosure of Sensitive Information Vulnerability SECUNIA ADVISORY ID: SA19289 VERIFY ADVISORY: http://secunia.com/advisories/19289/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: CuteNews 1.x...

phpWordPress 3.0 SQL inj.

phpWordPress Article Manager 3.0 SQL inj. Vuln. dicovered by : r0t Date: 25 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/phpwordpress-30-sql-inj.html Vendor:http://www.word-press.net/ affected version: 3.0 and prior. Vuln. Description: Input passed to the "poll" "category" and...