EUVD-2018-15692

Malware in sbrugna...

CVE-2025-47786

CVE-2025-47786 affects Emlog 2.5.13. The vulnerability is a stored cross-site scripting issue in /admin/comment.php where the unvalidated parameter perpage_num is stored in the database (admin_commend_perpage_num) and the output is not filtered, allowing a registered user to inject JavaScript tha...

CVE-2022-45186

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database...

Exploit for Code Injection in Sqlpad

SQLPad 6.10.0 Exploit CVE-2022-0944 This Bash script exploi...

CVE-2023-24496

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

CVE-2023-24496

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

CVE-2023-24496

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

CVE-2021-36424

An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation...

CVE-2022-32248

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data...

SAP S/4HANA 输入验证错误漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from the German company SAP. SAP S/4HANA is vulnerable to an input validation error that stems from a lack of input validation in the management checkbook component, which could be exploited ...

TYPO3 cross-site scripting vulnerability (CNVD-2021-22139)

TYPO3 is a free and open source content management system written in PHP under the GNU General Public License. A cross-site scripting vulnerability exists in the database field used as descriptionColumn in TYPO3 versions prior to 10.4.14, 11.1.1. No detailed vulnerability details are available at...

WordPress Email Subscribers & Newsletters SQL Injection Vulnerability (CNVD-2020-44907)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A SQL injection vulnerability exists in...

CVE-2020-15051

An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields...

UBUNTU-CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

IBM Robotic Process Automation with Automation Anywhere Enterprise Cross-Site Scripting Vulnerability

IBM Robotic Process Automation with Automation Anywhere Enterprise is a suite of process automation solutions developed by IBM USA and Automation Anywhere. A cross-site scripting vulnerability exists in IBM Robotic Process Automation with Automation Anywhere Enterprise version 10, which stems fro...

CVE-2018-1812

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web...

Cross site scripting

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web...

Security Bulletin: Cross-site scripting vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1812)

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to a cross-site scripting vulnerability Vulnerability Details CVEID: CVE-2018-1812 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere Enterprise is vulnerable to persistent cross-site scripting, caused...

ANCMS has a design flaw vulnerability

Anan Web Content Management System ANCMS is a web content management system. A design flaw vulnerability exists in ANCMS. The vulnerability is caused due to the relatively fixed settings of the database field names, which can be used by an attacker to forge cookie information, log in to the...

phpizabi-disclose.txt

-------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...