10 matches found
EUVD-2025-37755
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'...
CVE-2024-5181
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...
LocalAI Operating System Command Injection Vulnerability
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. An OS command injection vulnerability exists in localai version 2.14.0, which stems from improper neutralization of special elements used in OS commands, allowing an attacker to execute arbitrar...
S-CMS School Building System v1.0 SQL Injection Vulnerability in Backend a*** S_s*** Parameter
S-CMS is a content management system (CMS) based on PHP and MySQL. S-CMS School Building System v1.0 has a SQL injection vulnerability in the backend a Ss parameter, which can be exploited by attackers to obtain sensitive information from the database...
S-CMS php version enterprise website builder system v3.0 backend aj***.php C**_1y*** parameter SQL injection vulnerability
The S-CMS enterprise website building system is a specialized enterprise website building product developed by Zibo Shining Network Technology Co., Ltd. In the PHP version of the S-CMS enterprise website building system v3.0, the backend aj.php C1y parameter has a SQL injection...
Cross-Site Scripting Vulnerability in LvyeCMS
LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. A cross-site scripting vulnerability exists in LvyeCMS. The vulnerability stems from the system not strictly filtering the backend parameters. An attacker can obtain super admin login privileges by constructing a specially crafte...
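Horde Passwd Module backend Parameter Cross-Site Scripting Vulnerability
BUGTRAQ ID: 35573 Horde Framework is a PHP-based framework for building web applications; Passwd is its module for changing passwords. The passwd/main.php file of the Horde Passwd module does not properly filter the user-supplied backend parameter, so a remote attacker can carry out a cross-site scripting attack by submitting a malicious request to the module, resulting in arbitrary HTML and script code being executed in the user's browser session. Horde Passwd 3.1 Vendor patch: Horde ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...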
CVE-2009-2360
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter...
CVE-2009-2360
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter...