942 matches found
CVE-2025-10667
CVE-2025-10667 affects the itsourcecode Online Discussion Forum 1.0. The vulnerability is a SQL injection in the file /members/compose_msg.php caused by manipulation of the ID parameter, enabling remote exploitation. Multiple sources confirm the issue and publicly available exploit code may exist...
CVE-2025-10667 itsourcecode Online Discussion Forum compose_msg.php sql injection
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/composemsg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...
itsourcecode Online Discussion Forum SQL注入漏洞
itsourcecode Online Discussion Forum is an online forum of itsourcecode open source. A SQL injection vulnerability exists in version 1.0 of itsourcecode Online Discussion Forum, which stems from incorrect manipulation of the parameter ID in the file /members/composemsg.php, which could lead to a...
PT-2025-38322
Name of the Vulnerable Software and Affected Versions itsourcecode Online Discussion Forum version 1.0 Description A SQL injection weakness exists in the file /members/compose msg.php due to the manipulation of the ID argument. This issue is exploitable remotely. The exploit has been made publicl...
itsourcecode Online Discussion Forum SQL注入漏洞
itsourcecode Online Discussion Forum is an online forum of itsourcecode open source. A SQL injection vulnerability exists in itsourcecode Online Discussion Forum version 1.0, which stems from incorrect manipulation of the parameter ID in the file /members/composemsgadmin.php, which could lead to ...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
metasploit-framework
This repository is an offensive tool for Metasploit Framework. It is a collection of files and workflows used to build and test the Metasploit Framework, a penetration testing tool. The repository contains various templates for reporting issues, suggesting new features, and submitting pull...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is affected by a HTML Injection vulnerability caused by improper handling of the text parameter in the message compose/forward interface. The issue can be triggered via the text field and has a CVSSv3.1 base score of 6.3 (Medium) with NETWORK attack vector, requiring user int...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
PT-2025-37322
Name of the Vulnerable Software and Affected Versions: Viber Desktop version 25.6.0 Description: Viber Desktop version 25.6.0 is susceptible to HTML Injection through the text parameter within the message compose/forward interface. Recommendations: As a temporary workaround, sanitize the text...
Rakuten Viber Desktop 安全漏洞
Rakuten Viber Desktop is an instant messaging software from Viber Luxembourg. A security vulnerability exists in Rakuten Viber Desktop version 25.6.0, which stems from improper handling of text parameters in the message compose or forward interface, which could lead to an HTML injection attack...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This repository is a collection of proof-of-concept PoC exploits from Datadog Security Labs. The exploits are designed to demonstrate vulnerabilities in various software products, including Confluence, OpenSSL, and Spring. The repository contains code and instructions for running the exploits, as...
Exploit for SQL Injection in Sangoma Freepbx
Work in Progress FreePBX CVE-2025-57819 Lab - Unauth SQLi →...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
CVE-2025-34159 affects Coolify