6024 matches found
Folder Lock Cross-Site Scripting Vulnerability
Folder Lock is a perfect data security application from NewSoftwares, Inc. Folder Lock v3.4.5 is vulnerable to cross-site scripting, which stems from the "Create Folder" function under the "Create" module lacking a data validation filter for user-supplied data and output. An...
Tiki Wiki Cross-Site Scripting Vulnerability
Tiki Wiki is a PHP-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4 that allows an attacker to execute arbitrary web script or HTML via a crafted payload under the Create Category module...
in marcoax/magutticms
Description RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code Proof of Concept // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...
SugarCRM Cross-Site Scripting Vulnerability (CNVD-2021-94905)
SugarCRM is a set of open source customer relationship management software. A cross-site scripting vulnerability exists in the Create Employee module of SugarCRM version 6.5.18. The vulnerability can be exploited to execute arbitrary web script or HTML via the "First Name" or "Last Name" input...
CVE-2020-28955
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...
CVE-2020-23039
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...
CVE-2020-23039
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...
Cross site scripting
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...
Cross site scripting
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...
CVE-2020-23039
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...
CVE-2020-28955
SugarCRM v6.5.18 contains a cross-site scripting (XSS) vulnerability in the Create Employee module. The flaw allows arbitrary web scripts/HTML via crafted payloads in the First Name or Last Name input fields. Connected sources confirm the affected version and vulnerable inputs; no explicit exploi...
CVE-2020-28955
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...
NewSoftwares Folder Lock Cross-Site Scripting Vulnerability
Folder Lock is a perfect data security application from NewSoftwares, Inc. Folder Lock v3.4.5 is vulnerable to cross-site scripting, which stems from the "Create Folder" function under the "Create" module lacking a data validation filter for user-supplied data and output. An...
Sugarcrm SugarCRM Cross-Site Scripting Vulnerability
SugarCRM is a set of open source customer relationship management software. A cross-site scripting vulnerability exists in the Create Employee module of SugarCRM version 6.5.18. The vulnerability can be exploited to execute arbitrary web script or HTML via the "First Name" or "Last Name" input...
AUVESY Versiondog code issue vulnerability
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. AUVESY Versiondog is vulnerable to a code issue that could be exploited by attackers to modify existing files or create new ones...
NIMax 5.3.1 - (Remote VISA System) Denial of Service Exploit
Exploit Title: NIMax 5.3.1 - 'Remote VISA System' Denial of Service PoC Exploit Author: LinxzSec Vulnerability: Local Denial of Service (DoS) Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required - https://knowledge.ni.com/KnowledgeArticleDetails?id=kA03q000000YGQwCAO&l=en-...
CVE-2021-35619
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...
CVE-2021-35558
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS...
CVE-2021-35557
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS...
Design/Logic Flaw
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS...