43 matches found
CVE-2013-3645
Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2005-2861
Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...
GHSA-HXW5-9CC5-CMW5 LibreNMS stored Cross-site Scripting vulnerability in poller group name
LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the 'group name' parameter of the 'http://localhost/poller/groups' form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users...
CVE-2025-22617 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_socio.php' parameter 'socio'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_socio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in t...
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...
CVE-2024-24122
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...
CVE-2024-24122
CVE-2024-24122 describes a remote code execution in Wanxing Technology’s Yitu project management. A crafted exp.adpx file is treated as a zip archive with a special filename, enabling decompression of the project file into the system startup folder, followed by a system restart and automatic exec...
Yitu security vulnerability
Wondershare Yitu (亿图) is a one-stop office mapping tool from the Chinese company Wondershare. A security vulnerability exists in Yitu version 3.2.2, which stems from a remote code execution vulnerability that allows an attacker to construct a special filename for the exp.adpx file in the form of a...
SUSE CVE-2022-21689
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered b...
Intel sees new vulnerabilities reappear and may be subject to hackers implanting attack scripts - vulnerability warning - the black bar safety net
Reported on May 22: yesterday, Intel and Microsoft announced a new variant of the Spectre and Meltdown security vulnerabilities, "Variant 4". The new variant uses "Speculative Store Bypass"; the defect enables the processor to disclose sensitive information to a potentially unsafe area...
Microsoft Credential Security Support Provider - Remote Code Execution Vulnerability
Exploit for windows platform in category remote exploits credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy project (https://github.com/preempt/rdpy), allowing also credssp relay. Written by Eyal Karni, Preempt...
Microsoft Credential Security Support Provider - Remote Code Execution
credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy project (https://github.com/preempt/rdpy), allowing also credssp relay. Written by Eyal Karni, Preempt. Build Instructions Linux If you are usin...
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as...
KEMP LoadMaster 7.135.0.13245 XSS / Code Execution
Vulnerability Summary KEMP's main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster (VLM) deployed on Hyper-V, VMWare, on bare metal or in the...
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution Vulnerabilit
Exploit for multiple platform in category web applications Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster...
PHP Utility Belt remote code execution vulnerability verification and analysis-vulnerability warning-the black bar safety net
PHP Utility Belt is a set of tools for PHP application developers that can be used to test regular expressions and observe the results of matching with the preg_match and preg_match_all functions and the result of the preg_replace function; contains two words, two numbers with a capital letter and...
ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Vulnerability
Document Title: ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1122. Release Date: 2013-10-28. Vulnerability Laboratory ID (VL-ID): ...
CVE-2008-0809
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents...
DanPHPSupport 0.5 - 'admin.php?do' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...
Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service
Fastream NETFile FTP/Web Server 7.1.2 Professional DoS Exploit Bug found by bratax ck Coded bY karak0rsan d0gma.org // unuver.com Greetz:hurby,phalaposher,l4m3r,Atak,spymaster,razor... $host=$ARGV[0]; $port=$ARGV[1]; if(!$ARGV[1]){ print "Fastream FTP/Web Server DoS\n"; print "Coded by karak0rsan //...