Lucene search

21 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-8255

Malicious code in bioql PyPI...

AI score 6.6
Exploits 0, References 3
Github Security Blog
added 2025/03/26 8:34 p.m., 18 views

Django TomSelect incomplete escaping of dangerous characters in widget attributes

Summary: User-supplied values passed through to certain attributes in form widgets are not fully escaped for potentially dangerous tokens, and in some cases are rendered in the browser as valid HTML tags. Details: Attributes passed to the widget such as labelfield containing , and similar tokens are no...

AI score 7.2
Exploits 0, References 3, Affected software 1
NVD
added 2023/10/30 7:15 p.m., 20 views

CVE-2023-42804

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions txt, swf...

CVSS 5.3, AI score 4.3, EPSS 0.00235
Exploits 0, References 2
Prion
added 2023/10/30 7:15 p.m., 16 views

Path traversal

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions txt, swf...

CVSS 5, AI score 5.2, EPSS 0.00235
Exploits 0, References 2, Affected software 1
Cvelist
added 2023/10/30 6:14 p.m., 15 views

CVE-2023-42804 BigBlueButton Path Traversal – Reading Certain File Extensions

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions txt, swf...

CVSS 3.1, AI score 5.5, EPSS 0.00235
Exploits 0, References 2
Vulnrichment
added 2023/10/30 6:14 p.m., 14 views

CVE-2023-42804 BigBlueButton Path Traversal – Reading Certain File Extensions

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions txt, swf...

CVSS 3.1, AI score 6.7, EPSS 0.00235
Exploits 0, References 2
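The four BigBlueButton entries above describe the same weakness: a file reader that limits what it returns by extension but not by location, so a caller holding a valid starting folder can walk out of it with `..` segments. The following is an added example, not BigBlueButton's code, contrasting that extension-only check with a containment check that resolves the joined path first; the base directory `/srv/recordings` and the extension set are assumptions chosen for illustration.

```python
from pathlib import Path
from typing import Optional

# Added example (not BigBlueButton code): serving files from under a base
# directory, restricted to a few extensions, in the weak and the correct form.
# BASE_DIR and ALLOWED_EXTS are assumptions for illustration.
BASE_DIR = "/srv/recordings"
ALLOWED_EXTS = {".txt", ".swf"}


def extension_only_check(user_path: str) -> bool:
    """The weak form: an extension allowlist alone says nothing about where
    the path points, so '../../etc/passwd.txt'-style inputs pass."""
    return Path(user_path).suffix.lower() in ALLOWED_EXTS


def contained_path(base: str, user_path: str) -> Optional[str]:
    """Resolve base/user_path and return it relative to base, or None if the
    resolved target lies outside base.  Resolution happens after the join, so
    '..' segments, absolute user paths and symlinks are all accounted for
    before the containment test."""
    base_real = Path(base).resolve()
    target = (base_real / user_path).resolve()
    try:
        return target.relative_to(base_real).as_posix()
    except ValueError:
        return None


def safe_to_serve(base: str, user_path: str) -> bool:
    """Correct form: containment first, then the extension allowlist."""
    rel = contained_path(base, user_path)
    return rel is not None and Path(rel).suffix.lower() in ALLOWED_EXTS


if __name__ == "__main__":
    for p in ["meeting-1/slides.txt", "../../etc/passwd.txt", "/etc/hostname.txt"]:
        print(f"{p!r}: ext-only={extension_only_check(p)} safe={safe_to_serve(BASE_DIR, p)}")
```

The order matters: checking the extension on the raw string and then opening `base + user_path` is exactly the pattern that leaks any `.txt` or `.swf` on the host, while resolving first and comparing against the resolved base also catches a symlink inside the base that points elsewhere.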
Tenable Nessus
added 2022/12/21 12:00 a.m., 43 views

Filepaths contain Dangerous characters (Linux)

This Tenable product detected files or paths on the scanned Unix-like system which contain characters with command injection or privilege escalation potential. Although almost any character, semicolons included, is valid for an entry in this kind of filesystem, use of some of them may lead to...

AI score 5.5
Exploits 0
Hacker One
added 2022/04/09 4:35 p.m., 12 views

U.S. Dept Of Defense: Reflected XSS via `████████` parameter

Hello everyone, I came across a page that allows users to subscribe to certain forum posts at https://███ I noticed that the ████ parameter is reflected in the page without filtering dangerous characters such as except the = character, which is filtered by default, but this can be circumvented by...

AI score 0.3
Exploits 0
CNNVD
added 2021/11/05 12:00 a.m., 2 views

FusionPBX Input Validation Error Vulnerability

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A security vulnerability exists in FusionPBX before 4.5.30, which stems from faxpostsize ma...

CVSS 8.8, AI score 7.9, EPSS 0.00423
Exploits 0, References 1
CNNVD
added 2021/11/05 12:00 a.m., 2 views

FusionPBX Security Vulnerability

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conferencing server and voice application server. A security vulnerability exists in FusionPBX before 4.5.30, which stems from the fact tha...

CVSS 8.8, AI score 7.8, EPSS 0.05243
Exploits 4, References 4
CNNVD
added 2021/11/05 12:00 a.m., 2 views

FusionPBX Security Vulnerability

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conferencing server and voice application server. A security vulnerability exists in FusionPBX before 4.5.30, which stems from a fax file...

CVSS 8.8, AI score 7.9, EPSS 0.00423
Exploits 0, References 1
Hacker One
added 2019/05/07 8:16 p.m., 26 views

Node.js third-party modules: [min-http-server] Stored XSS in the filename when directories listing

I would like to report Stored XSS in module "min-http-server". It allows an attacker to inject malicious scripts into a file name, store them on the server, and then execute these scripts in the browser via the XSS vulnerability. Module name: min-http-server version: 1.0.6 npm page:...

CVSS 3.5, AI score 5, EPSS 0.0014
Exploits 1
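Two entries on this page are the same mistake in two output contexts: the Django TomSelect advisory above (widget attribute values escaped for some tokens but not all) and the min-http-server report (file names written into a directory listing unescaped). The block below is an added example, not code from either project, that renders a listing and a widget attribute from untrusted names in the broken and the correct form and shows why escaping only `<` and `>` is not enough inside an attribute. The element names, attribute name and payload strings are constructed for illustration.

```python
import html
from typing import Iterable
from urllib.parse import quote

# Added example, not code from Django TomSelect or min-http-server.  The
# markup shapes, attribute name and payloads are constructed for illustration.


def listing_unsafe(names: Iterable[str]) -> str:
    """File names dropped into markup unescaped: a name that is itself an
    HTML tag is rendered as that tag (stored XSS via file name)."""
    return "<ul>" + "".join(f'<li><a href="{n}">{n}</a></li>' for n in names) + "</ul>"


def listing_safe(names: Iterable[str]) -> str:
    """Escape per context: percent-encode the name for the URL and HTML-escape
    the attribute value (quote=True); HTML-escape the link text."""
    items = []
    for n in names:
        href = html.escape(quote(n, safe=""), quote=True)
        text = html.escape(n, quote=False)
        items.append(f'<li><a href="{href}">{text}</a></li>')
    return "<ul>" + "".join(items) + "</ul>"


def incomplete_escape(value: str) -> str:
    """Only '<' and '>' handled: adequate for a text node, not for an attribute,
    where a double quote closes the value and lets new attributes in."""
    return value.replace("<", "&lt;").replace(">", "&gt;")


def widget_attr_incomplete(label: str) -> str:
    return f'<select data-label-field="{incomplete_escape(label)}"></select>'


def widget_attr_safe(label: str) -> str:
    """html.escape(quote=True) also encodes '"' and "'", so the value cannot
    terminate the attribute it sits in."""
    return f'<select data-label-field="{html.escape(label, quote=True)}"></select>'


XSS_FILENAME = "<img src=x onerror=alert(1)>"       # constructed payload
ATTR_BREAKOUT = '" autofocus onfocus="alert(1)'     # constructed payload

if __name__ == "__main__":
    print(listing_unsafe([XSS_FILENAME]))
    print(listing_safe([XSS_FILENAME]))
    print(widget_attr_incomplete(ATTR_BREAKOUT))
    print(widget_attr_safe(ATTR_BREAKOUT))
```

The general rule the two reports illustrate: the escaping function is chosen by where the value lands (text node, quoted attribute, URL), and a list of "dangerous characters" that stops at `<` and `>` covers only the first of those.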
OSV
added 2016/04/28 1:46 p.m., 10 views

SUSE-SU-2016:1175-1 Security update for ntp

ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002. - CVE-2015-7979: Off-path Denial of Service DoS attack on authenticated...

CVSS 7.7, AI score 6.2, EPSS 0.42548
Exploits 5, References 33
Packet Storm
added 2009/08/15 12:00 a.m., 21 views

TGS CMS 0.x SQL Injection / XSS / Disclosure

alert(document.cookie) The Risk: By exploiting this vulnerability, an attacker can inject malicious code into the script and steal cookies. Fix the vulnerability: Encode output...

AI score 0.4
Exploits 0
Packet Storm
added 2008/03/17 12:00 a.m., 31 views

rsa-xss.txt

The following security report was sent to RSA/EMC on 2/10/2007 and confirmed by them. RSA took action to alert their customers. ----------------------------------------- Description The WebID authentication framework suffers from a flaw allowing theft of an authenticated user's session ...

AI score 7.4
Exploits 0
securityvulns
added 2006/03/12 12:00 a.m., 42 views

[UNIX] FACE CONTROL CMS vis.pl Directory Traversal

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

AI score 0.1
Exploits 0
Packet Storm
added 2006/01/27 12:00 a.m., 21 views

vis.pl.txt

Hackers Center Security Group http://www.hackerscenter.com/ spher3's Security Advisory Multiple traversal bugs in vis.pl -------------------------------------------------------------------------- Description: Vis.pl is a Perl script that manages files in order to display them; you can find it in...

AI score 7.4
Exploits 0
Packet Storm
added 2005/08/14 12:00 a.m., 20 views

jawsGlossary.txt

XSS Bug in Jaws Glossary v 0.4 - 0.5.1 latest version STATUS: The vendor has been contacted, fixed in cvs. Jaws is a Framework and Content Management System for building dynamic web sites. It aims to be User Friendly giving ease of use and lots of ways to customize web sites, but at the same time...

AI score 7.4
Exploits 0
Exploit DB
added 2005/04/28 12:00 a.m., 22 views

Oracle Application Server 9i Webcache - Arbitrary File Corruption

source: https://www.securityfocus.com/bid/13420/info Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists because dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an...

AI score 7.4
Exploits 0
exploitpack
added 2005/04/28 12:00 a.m., 12 views

Oracle Application Server 9i Webcache - Arbitrary File Corruption

Oracle Application Server 9i Webcache - Arbitrary File Corruption source: https://www.securityfocus.com/bid/13420/info Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists because dangerous characters are not removed from a certain paramete...

AI score 7.3
Exploits 0