7 matches found
EUVD-2026-30865
The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...
CVE-2026-35178
CVE-2026-35178 affects Salesforce Workbench (admin/developer tooling) prior to version 65.0.0. A remote code execution vulnerability exists in the timezone conversion flow, which processes attacker-controlled cookie values in an unsafe manner. Impact is described as high for confidentiality and...
EUVD-2009-1726
Malware in sbrugna...
CVE-2020-26768
Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...
XSS Vulnerability in Shipping 100 - Virtual Goods Auto-Shipping System (CNVD-2020-31442)
Shipping 100 - Virtual Goods Autoship System is a powerful virtual goods autoship system and pay-to-read article system. An XSS vulnerability exists in Shipping 100 - Virtual Goods Autoship System. An attacker can exploit the vulnerability to obtain user cookie information...
ExpressionEngine 1.6 - Avtaar Name HTML Injection
Source: https://www.securityfocus.com/bid/34193/info
ExpressionEngine is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...
PHPGedView 2.52.6 - Gedrecord.php Cross-Site Scripting
Source: https://www.securityfocus.com/bid/11891/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issu...