26 matches found
CVE-2026-0100
In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Apktool: Path Traversal to Arbitrary File Write
A path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a security regression introduced in commit e10a045 PR 4041, December 12, 2025, which removed the...
CVE-2021-39664
In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
ARSC Really Simple Chat 3.3 - Remote File Inclusion & XSS Vulnerability
No description provided by source. = ARSC Really Simple Chat V3.3 Remote File Inclsion & Cross Site Scripting Vulnerability = Author : Zer0 Thunder = Home : http://colombohackers.com = Download : http://sourceforge.net/projects/arsc/ = Date : 06/25/2010 Remote File Inclusion ---...
CVE-2011-2470
Cross-site scripting XSS vulnerability in chat/base/admin/login.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arscmessage parameter...
CVE-2011-2180
Cross-site scripting XSS vulnerability in dereferer.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsclink parameter...
Sql injection
Multiple SQL injection vulnerabilities in A Really Simple Chat ARSC 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the 1 arscuser parameter to base/admin/edituser.php, 2 arsclayoutid parameter in base/admin/editlayout.php, or 3 arscroom parameter to base/admin/editroom.php...
Cross site scripting
Cross-site scripting XSS vulnerability in chat/base/admin/login.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arscmessage parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in dereferer.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsclink parameter...
CVE-2011-2470
Cross-site scripting XSS vulnerability in chat/base/admin/login.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arscmessage parameter...
CVE-2011-2470
CVE-2011-2470 is a Cross-site Scripting (XSS) vulnerability in A Really Simple Chat (ARSC) 3.3-rc2. The issue affects the login form at chat/base/admin/login.php via the arsc_message parameter, allowing remote attackers to inject arbitrary script/HTML. CVSSv2 base score is 4.3 (Medium) with vecto...
CVE-2011-2180
ARSC (A Really Simple Chat) v3.3-rc2 is affected by CVE-2011-2180: a Cross-site Scripting (XSS) flaw in dereferer.php where the arsc_link parameter can inject arbitrary HTML/JS. The issue is documented across multiple feeds (NVD, Red Hat, CVE listings) with the confirmed vector being input sanita...
CVE-2011-2181
Multiple SQL injection vulnerabilities in A Really Simple Chat ARSC 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the 1 arscuser parameter to base/admin/edituser.php, 2 arsclayoutid parameter in base/admin/editlayout.php, or 3 arscroom parameter to base/admin/editroom.php...
CVE-2011-2181
CVE-2011-2181 concerns multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2. The flaws occur through unsanitized input in three admin endpoints: base/admin/edit_user.php (arsc_user), base/admin/edit_layout.php (arsc_layout_id), and base/admin/edit_room.php (arsc_room). Ex...
CVE-2011-2180
Cross-site scripting XSS vulnerability in dereferer.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsclink parameter...
HTB22997: XSS in A Really Simple Chat (ARSC)
Vulnerability ID: HTB22997 Reference: http://www.htbridge.ch/advisory/xssinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor Notification: 12 May 2011 Vulnerability Type: XSS...
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize...
A Really Simple Chat (ARSC) 3.3-rc2 XSS / SQL Injection
============================== Vulnerability ID: HTB22999 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor...
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections
source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitra...
Multiple Vulnerabilities in A Really Simple Chat (ARSC)
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in A Really Simple Chat ARSC which could be exploited to perform cross-site scripting, cross-site request forgery and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in A Really Simple Chat ARSC:...