Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2025/03/25 4:40 p.m.18 views

Frappe vulnerable to information disclosure leading to account takeover

Impact Making crafted requests could lead to information disclosure that could further lead to account takeover. Workarounds There's no workaround to fix this without upgrading. Credits Thanks to Thanh of Calif.io for reporting the issue...

9.3CVSS6.7AI score0.00398EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.3 views

PT-2024-2532 · Unknown +6 · Util-Linux +6

Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.40 Description: The wall command in util-linux versions through 2.40 does not properly filter escape sequences received from command line arguments. This allows a local attacker to potentially inject escape...

6.2CVSS5.2AI score0.02242EPSS
Exploits4References140
securityvulns
securityvulns
added 2009/11/19 12:0 a.m.94 views

AssetsSoSimple supplier_admin.php Supplier Field XSS

product: AssetsSoSimple version tested: 0.33 vendor URL: http://assetssosimple.sourceforge.net/ script: supplieradmin.php field: Supplier ooo BugsNotHugs Shared Vulnerability Disclosure Account...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2009/11/19 12:0 a.m.78 views

Auto Manager admin.cgi Multiple Field XSS

vendor: interactivetools.com, inc., http://www.interactivetools.com/products/automanager/ product: Auto Manager version: 2.52 script: admin.cgi fields: Vehicle, Year, Price, Drive Train, Transmission, Body, Engine, Description, Color, Miles BugsNotHugs Shared Vulnerability Disclosure Account...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2004/04/23 12:0 a.m.14 views

PHProfession 2.5 - modules.php?jcode Cross-Site Scripting

PHProfession 2.5 - modules.php?jcode Cross-Site Scripting source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/04/23 12:0 a.m.25 views

PHProfession 2.5 - 'upload.php' Direct Request Full Path Disclosure

source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issues may reveal sensitiv...

7.4AI score
Exploits0
Rows per page
Query Builder