22 matches found
EUVD-2015-7263
Malware in sbrugna...
EUVD-2022-45323
Malicious code in bioql PyPI...
CVE-2015-7339
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /comjce/editor/libraries/classes/browser.php script...
CVE-2022-42247
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name...
CVE-2022-42247
pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component, allowing arbitrary web scripts or HTML to be executed via a crafted payload injected into a file name. The issue is documented in several sources (e.g., NVD, Red Hat, OSV, CVE lists). Connected docume...
PT-2022-26332 · Pfsense · Pfsense
Name of the Vulnerable Software and Affected Versions: pfSense version 2.5.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name, due to a cross-site scripting (XSS) vulnerability in the browser.php component...
pfSense cross-site scripting vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. A cross-site scripting vulnerability exists in pfSense version v2.5.2, which stems from the inclusion of a cross-site scripting (XSS) vulnerability in the browser.php component, which allows an attacker to execute arbitrary web script or...
desiary.pressloft.com XSS vulnerability
Open Bug Bounty ID: OBB-606582

Description| Value
---|---
Affected Website:| desiary.pressloft.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
CVE-2018-6013
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...
Cross site scripting
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php path parameter...
CVE-2017-6480
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php path parameter...
CVE-2017-6480
CVE-2017-6480 affects groovel/cmsgroovel older than 3.3.7-beta, with a reflected XSS in commons/browser.php (path parameter). The vulnerability allows injection of script code via the path parameter, potentially compromising user sessions or content viewed by victims. Exploitation details (e.g., ...
shooting.cz XSS vulnerability
Vulnerable URL: http://www.shooting.cz/browser.php?cat=244--=category1.h

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4557726
VIP website status:| No

Check shooting.cz SSL...
EasySite 2.0 - browser.php EASYSITE_BASE Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28563/info EasySite is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and th...
JBrowser 1.0/2.x Browser.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9535/info JBrowser has been reported to be vulnerable to directory traversal vulnerability that may allow a remote attacker to gain access to files readable by the web-server that reside outside of the server root...
Sql injection
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter t...
CVE-2008-3312
Directory traversal vulnerability in lemonincludes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are...
Lemon CMS 1.10 - browser.php Local File Inclusion
source: https://www.securityfocus.com/bid/30285/info Lemon CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings t...