30 matches found
EUVD-2023-46202
Malicious code in bioql PyPI...
EUVD-2022-2995
Malicious code in bioql PyPI...
PT-2025-31006 · Code Projects · Code-Projects Online Ordering System
Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0 Description: A critical vulnerability exists in code-projects Online Ordering System 1.0. The vulnerability is due to a SQL injection flaw within an unknown function of the /admin/delete user.p...
SUSE CVE-2018-13982
SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and it is passed to the eval function without any sanitization...
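The thenify entry above describes a function name that reaches eval unchanged. The following is an added example, written here and not thenify's own source or its fix, that shows the class of bug in miniature: a caller-supplied name is spliced into function source text and compiled with `new Function`, an eval-equivalent sink, beside a hardened version that refuses anything but a bare identifier. The function names, the `MALICIOUS_NAME` payload and the `demo()` driver are all constructed for illustration.

```javascript
'use strict';

// Vulnerable pattern (illustration, not thenify's source): the caller-supplied
// `name` is concatenated into function source text and compiled with
// `new Function`, an eval-equivalent sink. Nothing constrains `name` to be an
// identifier, so whatever it contains is parsed and run as JavaScript.
function makeWrapperUnsafe(name, fn) {
  const src = 'return function ' + name + '(cb) { return fn(cb); };';
  return new Function('fn', src)(fn);
}

// Hardened form: only a bare identifier is accepted as the function name.
// Punctuation, whitespace and comments are refused before any source text is
// built, so no user-controlled bytes reach the compiler.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

function makeWrapperSafe(name, fn) {
  if (typeof name !== 'string' || !IDENTIFIER.test(name)) {
    throw new TypeError('refusing non-identifier function name: ' + JSON.stringify(name));
  }
  const src = 'return function ' + name + '(cb) { return fn(cb); };';
  return new Function('fn', src)(fn);
}

// Constructed attacker input. Inside `return function <name>(cb) {...}` it
// closes a dummy function expression, smuggles an arbitrary expression in via
// the comma operator, and reopens a valid function so the result still works.
// Here the expression only tags `fn`; in a real attack it could reach anything
// visible from global scope, such as `process`.
const MALICIOUS_NAME = 'x() {}, fn.tainted = true, function y';

// Runs both variants against the payload and a benign name and reports what happened.
function demo() {
  const unsafeTarget = (cb) => cb(null, 'ok');
  const wrapped = makeWrapperUnsafe(MALICIOUS_NAME, unsafeTarget); // payload runs here
  let result;
  wrapped((err, v) => { result = v; });

  const safeTarget = (cb) => cb(null, 'ok');
  let rejected = false;
  try {
    makeWrapperSafe(MALICIOUS_NAME, safeTarget);
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  const good = makeWrapperSafe('readFileAsync', safeTarget);

  return {
    unsafeTainted: unsafeTarget.tainted === true, // injected code executed
    unsafeStillWorks: result === 'ok',             // and the wrapper behaves normally
    safeRejected: rejected,                         // hardened version refused the name
    safeName: good.name,                            // benign name still works
    safeTainted: safeTarget.tainted === true,       // nothing injected
  };
}
```

The point of the payload is that the generated wrapper still behaves correctly after the injected expression has run, so the bug is invisible to any caller that only checks the returned function. The same rule applies to the pixl-class entry below, where the `members` parameter reaches a shell instead of the JavaScript compiler: validate the value against the grammar the sink expects before building the string.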
WordPress Multiple Vulnerabilities (Jan 2022) - Linux
WordPress is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Angular vulnerable to Cross-site Scripting
angular.js prior to 1.8.0 allows cross-site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized code. Wrapping <option> elements in <select> ones changes parsing behavior, possibly leading to unsanitized code...
CVE-2020-7640
CVE-2020-7640 describes an OS command injection in pixl-class prior to version 1.0.3. The vulnerability arises because the members parameter of the create function is not sanitized, allowing an attacker to execute arbitrary commands. Affected: pixl-class (Node.js module) before 1.0.3. Impact per ...
MGASA-2018-0403 Updated php-smarty packages fix security vulnerability
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (CVE-2018-13982)...
openSUSE: Security Advisory for php5-smarty3 (openSUSE-SU-2018:2859-1)
The remote host is missing an update for the php5-smarty3 package. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2018-13982
SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
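The three CVE-2018-13982 entries on this page describe a trusted-directory check that template code can defeat. The following is an added example, written here and not Smarty's `isTrustedResourceDir` code, that shows why a containment check done on the raw path string fails and how a canonicalised check closes the gap. The names (`isTrustedNaive`, `isTrustedCanonical`, `canonicalize`, `evaluate`), the directory `/srv/app/templates` and the probe paths are constructed; POSIX separators are assumed.

```javascript
'use strict';

// Naive containment check of the bypassable kind: compares the raw request
// string against each trusted directory. "../" segments are never noticed,
// and "/srv/app/templates2" passes because it starts with "/srv/app/templates".
function isTrustedNaive(trustedDirs, requested) {
  return trustedDirs.some((dir) => requested.startsWith(dir));
}

// Lexical canonicalisation of an absolute POSIX path: drops empty and "."
// segments and pops one segment per "..". Symlinks are not resolved here.
function canonicalize(absPath) {
  const out = [];
  for (const seg of absPath.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; } // ".." above "/" stays at "/"
    out.push(seg);
  }
  return '/' + out.join('/');
}

// Hardened check: reject NUL bytes (C-level file APIs truncate there), resolve
// the request to an absolute canonical path, then require that it equals a
// trusted directory or lies strictly beneath it (prefix plus separator).
function isTrustedCanonical(trustedDirs, requested, cwd) {
  if (requested.includes('\0')) return false;
  const full = canonicalize(requested.startsWith('/') ? requested : cwd + '/' + requested);
  return trustedDirs.some((dir) => {
    const root = canonicalize(dir);
    const prefix = root === '/' ? '/' : root + '/';
    return full === root || full.startsWith(prefix);
  });
}

// Constructed probes against a single trusted template directory.
const TRUSTED = ['/srv/app/templates'];
const CWD = '/srv/app';
const PROBES = [
  '/srv/app/templates/page.tpl',             // legitimate
  '/srv/app/templates/./sub//page.tpl',      // legitimate, untidy
  '/srv/app/templates/../../../etc/passwd',  // traversal: naive check passes
  '/srv/app/templates2/evil.tpl',            // sibling-prefix trap: naive check passes
  '/srv/app/templates/x.tpl\0.txt',          // NUL truncation: naive check passes
  'templates/../../etc/passwd',              // relative traversal
];

// Returns { probe: { naive, canonical } } so the two checks can be compared.
function evaluate() {
  const results = {};
  for (const p of PROBES) {
    results[p] = {
      naive: isTrustedNaive(TRUSTED, p),
      canonical: isTrustedCanonical(TRUSTED, p, CWD),
    };
  }
  return results;
}
```

Lexical normalisation only removes `.` and `..` segments; it does not see symlinks, so a production check should additionally resolve the final path with `fs.realpathSync` once the file is known to exist and compare that result against the realpath of the trusted directory, using the same prefix-plus-separator rule.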
acidcat cms 3.4.1 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Acidcat CMS Multiple Vulnerabilities. Vendor: www.acidcat.com Vulnerable Version: 3.4.1 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/36 1. Description: Acidcat...
Elastix < 2.4 PHP Code Injection Vulnerability
Elastix is prone to a PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Copyright (C) 2013 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
Vtiger CRM <= 5.2.1 RCE Vulnerability
Vtiger CRM is prone to a remote code execution (RCE) vulnerability because the application fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right...
Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities
Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro <=1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm Fix:...
Classmates XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net
Vulnerability description: Classmates 1.1.1 has a design flaw that leads to an XSS (cross-site scripting) vulnerability; a user can execute arbitrary JavaScript code in the vulnerable application. The vulnerability exists because the "/themes/default/header.inc.php" script does not properly sanitize user-supplied input t...
[ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability
[ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability Author : K-159 Date : September 22nd, 2010...
ezContents CMS 2.0.3 Bypass / SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: ezContents CMS Multiple Vulnerabilities Vendor: http://ezcontents.org/ Vulnerable Version: 2.0.3 and prior versions Exploitation: Remote with browser Fix: N/A - Description: ezContents is a nice PHP CMS which allows management of dynamic...
igescms-multi.txt
www.BugReport.ir AmnPardaz Security Research Team Title: IGES CMS <=2.0 Multiple Vulnerabilities Vendor: www.iges.nl Exploit: Available Vulnerable Version: 2.0 Impact: High Fix: N/A 1. Description: IGES CMS is a complete, fully featured CMS written in PHP with SQL, and has become a powerful CMS having...
GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities
GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: GL-SH Deaf Forum <=6.5.5 Multiple Vulnerabilities Vendor: www.frank-karau.de Vulnerable Version: 6.5.5 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...