CVE-2026-0100

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0100

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Apktool: Path Traversal to Arbitrary File Write

A path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a security regression introduced in commit e10a045 PR 4041, December 12, 2025, which removed the...

CVE-2021-39664

In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

ARSC Really Simple Chat 3.3 - Remote File Inclusion & XSS Vulnerability

No description provided by source. = ARSC Really Simple Chat V3.3 Remote File Inclsion & Cross Site Scripting Vulnerability = Author : Zer0 Thunder = Home : http://colombohackers.com = Download : http://sourceforge.net/projects/arsc/ = Date : 06/25/2010 Remote File Inclusion ---...

CVE-2011-2470

Cross-site scripting XSS vulnerability in chat/base/admin/login.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arscmessage parameter...

CVE-2011-2180

Cross-site scripting XSS vulnerability in dereferer.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsclink parameter...

Sql injection

Multiple SQL injection vulnerabilities in A Really Simple Chat ARSC 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the 1 arscuser parameter to base/admin/edituser.php, 2 arsclayoutid parameter in base/admin/editlayout.php, or 3 arscroom parameter to base/admin/editroom.php...

Cross site scripting

Cross-site scripting XSS vulnerability in chat/base/admin/login.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arscmessage parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in dereferer.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsclink parameter...

CVE-2011-2181

Multiple SQL injection vulnerabilities in A Really Simple Chat ARSC 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the 1 arscuser parameter to base/admin/edituser.php, 2 arsclayoutid parameter in base/admin/editlayout.php, or 3 arscroom parameter to base/admin/editroom.php...

CVE-2011-2470

CVE-2011-2470 is a Cross-site Scripting (XSS) vulnerability in A Really Simple Chat (ARSC) 3.3-rc2. The issue affects the login form at chat/base/admin/login.php via the arsc_message parameter, allowing remote attackers to inject arbitrary script/HTML. CVSSv2 base score is 4.3 (Medium) with vecto...

CVE-2011-2180

Cross-site scripting XSS vulnerability in dereferer.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsclink parameter...

CVE-2011-2180

ARSC (A Really Simple Chat) v3.3-rc2 is affected by CVE-2011-2180: a Cross-site Scripting (XSS) flaw in dereferer.php where the arsc_link parameter can inject arbitrary HTML/JS. The issue is documented across multiple feeds (NVD, Red Hat, CVE listings) with the confirmed vector being input sanita...

CVE-2011-2470

Cross-site scripting XSS vulnerability in chat/base/admin/login.php in A Really Simple Chat ARSC 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arscmessage parameter...

CVE-2011-2181

CVE-2011-2181 concerns multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2. The flaws occur through unsanitized input in three admin endpoints: base/admin/edit_user.php (arsc_user), base/admin/edit_layout.php (arsc_layout_id), and base/admin/edit_room.php (arsc_room). Ex...

HTB22997: XSS in A Really Simple Chat (ARSC)

Vulnerability ID: HTB22997 Reference: http://www.htbridge.ch/advisory/xssinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor Notification: 12 May 2011 Vulnerability Type: XSS...

A Really Simple Chat (ARSC) 3.3-rc2 XSS / SQL Injection

============================== Vulnerability ID: HTB22999 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsinareallysimplechatarsc.html Product: A Really Simple Chat ARSC Vendor: http://www.reallysimplechat.org/ http://www.reallysimplechat.org/ Vulnerable Version: 3.3-rc2 Vendor...

ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections

ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize...

ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections

source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitra...