
96 matches found

EUVD
added 2023/06/13 12:0 a.m. (3 views)

EUVD-2023-38594

A reflected XSS was discovered in HotelDruid version 3.0.5. An attacker can inject malicious code or commands through a parameter of the affected web page to trick a user in the browser and/or exfiltrate data...

CVSS 5.4, AI score 5.1, EPSS 0.12864
Exploits: 1, References: 1
SUSE CVE
added 2023/02/15 3:33 a.m. (1 views)

SUSE CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

CVSS 7.5, AI score 8.6, EPSS 0.67932
Exploits: 0, References: 8
Vulnrichment
added 2023/01/03 12:0 a.m. (6 views)

CVE-2022-47317

Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted project file...

AI score 7.7, EPSS 0.00097
Exploits: 0, References: 2
RedHat Linux
added 2022/11/08 9:27 a.m. (0 views)

buildah: possible information disclosure and modification

Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

CVSS 7.1, AI score 7.5, EPSS 0.00087
Exploits: 1, References: 5
VulnCheck KEV
added 2022/08/15 12:0 a.m. (3 views)

VulnCheck KEV: CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR...

CVSS 8.8, AI score 7.3, EPSS 0.04295
Exploits: 0, References: 1
CNNVD
added 2021/10/21 12:0 a.m. (1 views)

Alfresco Cross-Site Scripting Vulnerability

Alfresco is an open source enterprise content management system. The platform's pages are developed using Freemarker, and the main features include document management, collaboration, records management, knowledge base management, Web content management and so on. Alfresco has a security vulnerabilit...

CVSS 5.4, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 3
UbuntuCve
added 2021/04/02 7:15 p.m. (27 views)

CVE-2021-1871

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this...

CVSS 9.8, AI score 7.2, EPSS 0.00484
Exploits: 0, References: 4
CNNVD
added 2021/02/09 12:0 a.m. (4 views)

B2evolution Cms Cross-Site Scripting Vulnerability

b2evolution is a community content management system based on PHP and MySQL. A cross-site scripting vulnerability exists in B2evolution Cms, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...

CVSS 6.1, AI score 6.3, EPSS 0.01038
Exploits: 3, References: 4
CNVD
added 2020/05/29 12:0 a.m. (7 views)

Unspecified vulnerability in Kaoni ezHTTPTrans (CNVD-2021-37778)

Kaoni ezHTTPTrans is a forwarding proxy software. A security vulnerability exists in Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and earlier versions. A remote attacker can exploit this vulnerability to download arbitrary files and execute code...

CVSS 9.8, AI score 7.2, EPSS 0.00464
Exploits: 0, References: 1
CNVD
added 2020/02/26 12:0 a.m. (1 views)

Command Execution Vulnerability in PbootCMS V1.3.2

PbootCMS is an open source enterprise building content management system CMS developed using the PHP language. PbootCMS V1.3.2 suffers from a command execution vulnerability that can be exploited by an attacker to execute code...

AI score 7.5
Exploits: 0
CNVD
added 2020/01/14 12:0 a.m. (1 views)

HashBrown CMS Remote Code Execution Vulnerability

HashBrown CMS is an open source headless content management system CMS. HashBrown CMS suffers from a remote code execution vulnerability that stems from the program not performing proper security checks. An attacker could exploit the vulnerability to execute code...

CVSS 9.8, AI score 8.2, EPSS 0.03282
Exploits: 1, References: 1
CNVD
added 2020/01/09 12:0 a.m. (1 views)

PrestaShop cross-site scripting vulnerability (CNVD-2020-02542)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop version 1.7.6.2. The...

CVSS 6.1, AI score 6.4, EPSS 0.00328
Exploits: 0, References: 1
CNVD
added 2019/10/16 12:0 a.m. (1 views)

Open-Xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2019-36981)

Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite versions 7.10.1 and 7.10.2. The vulnerabili...

CVSS 6.1, AI score 6.4, EPSS 0.00288
Exploits: 2, References: 1
OSV
added 2018/07/26 1:29 p.m. (1 views)

DEBIAN-CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

CVSS 6.8, AI score 7, EPSS 0.02765
Exploits: 0, References: 1
CNVD
added 2015/11/06 12:0 a.m. (1 views)

Palo Alto Networks Panorama VM Appliance Arbitrary Code Execution Vulnerability

Palo Alto Networks Panorama VM Appliance is a solution from Palo Alto Networks, Inc. that supports the use of Panorama as a virtual appliance to manage distributed firewall networks through a central location. An arbitrary code execution vulnerability exists in the Palo Alto Networks Panorama VM...

CVSS 9.3, AI score 8.1, EPSS 0.0096
Exploits: 1, References: 1
Metasploit
added 2013/08/14 3:31 p.m. (31 views)

MiniWeb (Build 300) Arbitrary File Upload

This module exploits a vulnerability in MiniWeb HTTP server build 300. The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine ...

AI score 7.9
Exploits: 0
Check Point Advisories
added 2013/02/27 12:0 a.m. (6 views)

cURL and libcurl MD5 Digest Buffer Overflow (CVE-2013-0249)

The vulnerability is due to an error in Curl_sasl_create_digest_md5_message while negotiating SASL DIGEST-MD5 authentication. A remote attacker can exploit this vulnerability by enticing a user to connect to a malicious server. This can lead to code execution in the context of the affected application...

CVSS 7.5, AI score 6.8, EPSS 0.44202
Exploits: 6
Exploit DB
added 2006/06/19 12:0 a.m. (28 views)

e107 0.7.5 - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/18508/info e107 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

AI score 7
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m. (41 views)

Cumulative Patch for Internet Information Services (Q327696)

Cumulative Patch for Microsoft IIS Q327696 Impact of vulnerability: Ten new vulnerabilities, the most serious of which could enable code of an attacker's choice to be run on a server. Recommendation: Users using any of the affected products should install the patch immediately. Maximum Severity...

CVSS 7.5, AI score 6.4, EPSS 0.69466
Exploits: 0, References: 1
exploitpack
added 2005/11/01 12:0 a.m. (16 views)

Elite Forum 1.0 - HTML Injection

Elite Forum 1.0 - HTML Injection source: https://www.securityfocus.com/bid/15257/info Elite Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...

AI score 7.6
Exploits: 0