CVE-2021-41556

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all...

Cross-site Scripting (XSS)

valine is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the nick parameters via /classes/Comments allowing an attacker to inject and store maliciously crafted script...

Librenms 跨站脚本漏洞

Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates.Librenms suffers from a cross-site scripting vulnerability that stems from the lack of proper...

cPanel Cross-Site Scripting Vulnerability (CNVD-2019-26358)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the WHM listips interface in versions prior to cPanel 68.0.27. The...

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2019-23979)

MiniCMS is a content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in the mc-admin/post-edit.php file in MiniCMS version 1.10. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can...

Stored Cross-Site Scripting Vulnerability in 78OA Office System

78OA office system is a full-featured OA office system launched by Shenzhen Xinxingkong Software for large and medium-sized enterprises and group enterprises. 78OA office system has a stored cross-site script vulnerability, an attacker can directly insert the cross-site script, and triggered by a...

Fiyo CMS HTML Injection Vulnerability

Fiyo CMS is a content management system CMS for creating CMS templates. An HTML injection vulnerability exists in Fiyo CMS that stems from the program's failure to adequately filter user-submitted input. When a user browses the affected site, their browser will execute arbitrary HTML or script co...

Chamilo LMS Cross-Site Request Forgery Vulnerability

Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. Chamilo LMS suffers from cross-site request forgery vulnerabilities th...

Free Simple CMS Cross-Site Scripting Vulnerability

Free Simple CMS is an open source content management system CMS. The system supports customized templates and other features. A cross-site scripting vulnerability exists in Free Simple CMS, which stems from the program's failure to adequately filter user-submitted input. When a user browses the...

Barracuda Networks IM Firewall Cross-Site Scripting Vulnerability

Barracuda Networks IM Firewall is an instant messaging solution from Barracuda Networks that integrates an IM server, client management and security measures. The solution provides keyword identification and reporting, file transfer, IM traffic identification and logging. A cross-site scripting...

TinyWebGallery Cross-Site Scripting Vulnerability

TinyWebGallery TWG is a software developer Michael Dempfle developed a set of open source album based on Ajax, PHP and XML , it provides text and image watermarking , slide show , image uploading and management and other functions . A cross-site scripting vulnerability exists in TWG that stems fr...

Kide Shoutbox 0.4.6 - XSS & AXFR

No description provided by source. andresg888 Web: : www.ilegalintrusion.nethttp://www.ilegalintrusion.net & www.bl4ck-p0rtal.orghttp://www.bl4ck-p0rtal.org Exploit : Go to the shoutbox and type: font color=redred text/font or marqueehi/marquee or 3xplo!t :...

phpBB Insert User Mod 0.1.2 - Remote File Inclusion

phpBB Insert User Mod 0.1.2 - Remote File Inclusion !/usr/bin/perl PHPBB insert user 0.1.2 Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high Site: http://www.grahameames.co.uk/phpbb/downloads/insertuser0.1.2.zip use IO::Socket; use LWP::Simple;...

"View Image" local resource linking (Windows) — Mozilla

Normally Mozilla-based clients prevent web content from linking to local files but Eric Foley reports a partial bypass of this restriction by using Windows filename syntax on a Windows computer rather than a file:/// URL as the SRC= attribute. The image will not be loaded on the web page--it will...

Logwatch 2.6 Secure Script - Denial of Service

source: https://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of vulnerability in the secure script. This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service condition. As a result, the utility may not dete...

Gallery134.txt

Application: Gallery Vendors: http://gallery.sourceforge.net Versions: v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Platforms: Windows Bug: Cross Site Scripting Vulnerability Exploitation: Remote With Browser Date: 17 Jan 2005 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website:...

Gallery 1.4 - index.php Remote File Inclusion

Gallery 1.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includ...

CVE-2003-0447

The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated...

PostNuke 0.72 - modules.php Cross-Site Scripting

PostNuke 0.72 - modules.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5809/info A cross site scripting vulnerability has been reported for PostNuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and...

GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting

GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting source: https://www.securityfocus.com/bid/5299/info GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code...