EUVD-2026-16715
AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking...
CVE-2026-34245 AVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless...
PT-2024-12089 · Ipfs +1
Name of the Vulnerable Software and Affected Versions: go-libp2p-kad-dht versions 0.20.0 and earlier; IPFS versions 0.18.1 and earlier. Description: The issue allows an attacker to censor content in the InterPlanetary File System (IPFS) by exploiting the Kademlia DHT. This is done by generating many...
CVE-2022-35251
A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are...
Rocket.Chat Cross-Site Scripting Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the chat window, which can be exploited by an attacker to manipulate its style, block functionality, and...
JFrog: Impersonation attack via Broken link in "blog-author" page
A social media platform link of "Twitter" on https://jfrog.com/blog-author/john-peterson/ was broken and could've allowed a user to impersonate a reseller and attack / scam your customers. This happened because the account of twitter either deleted or changed their username. I thought I'd report ...
OWOX, Inc.: Unrestricted File Upload in Chat Window
Summary: The application allows the attacker to upload dangerous file types that can be automatically processed within the product's environment. Steps To Reproduce: - Hit the browser and navigate to https://bi.owox.com and sign in. - Open The Chat window. - Upload any .rb or .php file . - Click ...
Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass Vulnerability
Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking... Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass Vendor: Dell Inc. Product web page:...
Imatix Xitami 2.5 Server Side Includes Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplie...
CVE-2013-0080
CVE-2013-0080 affects Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1. A crafted URL vulnerability (Callback Function Vulnerability) lets remote attackers bypass read restrictions and hijack user accounts by enticing a target user to visit a malicious page. The issue arise...
Multiple Netscape / Mozilla / Firefox vulnerabilities
Search content hijacking with search plugins, cross-site scripting with link tag...
MyHelpDesk 20020509 - HTML Injection
MyHelpDesk 20020509 - HTML Injection source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the...
MyGuestbook 1.0 - Script Injection
MyGuestbook 1.0 - Script Injection source: https://www.securityfocus.com/bid/4651/info MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. MyGuestbook does not adequately filter script code from various...