6 matches found
EUVD-2023-54320
Malicious code in bioql PyPI...
CVE-2022-44725
OPC Foundation Local Discovery Server LDS through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS running as a high-privilege user...
CVE-2021-22125
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...
Cross site scripting
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field e.g., Satellite name, and then restoring the...
BibORB 1.3.2 index.php Traversal Arbitrary File Manipulation
No description provided by source. source: http://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML...
CVE-2007-1009
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iapxml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the 1 password or 2 serial number...