71 matches found

Positive Technologies
added 2024/06/13 12:0 a.m. · 1 view

PT-2024-4198 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based (affected versions not specified). Description: The issue is related to errors in presenting information to the user interface, which can allow a remote attacker to conduct spoofing attacks. Recommendations: At the...

CVSS 5 · AI score 6.5 · EPSS 0.00502
Exploits 0 · References 9

Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-22383 · Solive · Solive

Name of the Vulnerable Software and Affected Versions: SoLive versions 1.6.14 through 1.6.20 for Android. Description: The issue concerns an exposed component that provides a method to modify the SharedPreference file. An attacker can exploit this to modify data in any SharedPreference file, which...

CVSS 9.8 · AI score 6.9 · EPSS 0.00233
Exploits 1 · References 3

Positive Technologies
added 2023/03/14 12:0 a.m. · 2 views

PT-2023-1767 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface. It allows a remote attacker to conduct spoofing attacks, affecting the system...

CVSS 3.1 · AI score 9.3 · EPSS 0.0628
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 6:16 a.m. · 1 view

SUSE CVE-2006-0208

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...

CVSS 2.6 · AI score 6.1 · EPSS 0.02729
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:7 a.m. · 3 views

SUSE CVE-2008-3327

Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message...

CVSS 4.3 · AI score 6.6 · EPSS 0.00319
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:5 a.m. · 2 views

SUSE CVE-2008-5814

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208...

CVSS 2.6 · AI score 6.1 · EPSS 0.0078
Exploits 0 · References 6

Positive Technologies
added 2021/12/14 12:0 a.m. · 2 views

PT-2021-6340 · Microsoft · Edge For Android

Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to perform a spoofing attack. There...

CVSS 4.3 · AI score 6.7 · EPSS 0.01055
Exploits 0 · References 9

Positive Technologies
added 2021/10/12 12:0 a.m. · 1 view

PT-2021-4421 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint (affected versions not specified). Description: The issue is related to a spoofing vulnerability in Microsoft SharePoint. It is associated with errors in the user interface's information display. Exploitation of this issue m...

CVSS 8.5 · AI score 6.9 · EPSS 0.03074
Exploits 0 · References 8

Positive Technologies
added 2021/08/10 12:0 a.m. · 1 view

PT-2021-3919 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: The issue is related to errors in displaying information to the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. This allows...

CVSS 7.8 · AI score 7.1 · EPSS 0.02428
Exploits 0 · References 7

Positive Technologies
added 2021/07/20 12:0 a.m. · 2 views

PT-2021-3773 · Cockpit +5 · Cockpit +5

Name of the Vulnerable Software and Affected Versions: Cockpit (affected versions not specified). Description: The issue is related to clickjacking attacks, where a malicious website can render a page from a Cockpit server inside an iframe HTML entry. This could be exploited by a malicious website t...

CVSS 7.5 · AI score 5.4 · EPSS 0.0027
Exploits 0 · References 43

Positive Technologies
added 2021/07/19 12:0 a.m. · 2 views

PT-2021-4737 · Microsoft · Windows Print Spooler +1

Name of the Vulnerable Software and Affected Versions: Windows Print Spooler (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface of the Windows Print Spooler in Windows operating systems. This can allow a remote...

CVSS 10 · AI score 7.6 · EPSS 0.14902
Exploits 0 · References 9

OSV
added 2021/03/25 8:15 p.m. · 1 view

CVE-2020-10582

A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database...

CVSS 9.8 · AI score 6.1 · EPSS 0.00513
Exploits 1 · References 1

CNNVD
added 2021/03/25 12:0 a.m. · 3 views

Invigo Automatic Device Management SQL Injection Vulnerability

Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A SQL injection vulnerability exists in /admin/displayerrors.php in Invigo Automat...

CVSS 9.8 · AI score 6.3 · EPSS 0.00513
Exploits 1 · References 2

Positive Technologies
added 2020/11/10 12:0 a.m. · 2 views

PT-2020-4770 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified). Description: The issue is related to errors in...

CVSS 6.4 · AI score 5.1 · EPSS 0.00891
Exploits 0 · References 7

Exploit DB
added 2016/03/30 12:0 a.m. · 31 views

ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'ATutor 2.2.1 Directory Traversal / Remote Code Execution', 'Description' = %q This module exploits a directory traversal...

AI score 7.4
Exploits 0

Tenable Nessus
added 2012/08/30 12:0 a.m. · 42 views

TikiWiki unserialize() Function Arbitrary Code Execution

The version of the TikiWiki installed on the remote host contains a flaw that could allow a remote attacker to execute arbitrary code. The 'unserialize' function is not properly sanitized before being used in the 'lib/banners/bannerlib.php', 'tiki-printmultipages.php', 'tiki-sendobjects.php' and...

CVSS 9.8 · AI score 8.8 · EPSS 0.77945
Exploits 12 · References 3

Tenable Nessus
added 2012/07/19 12:0 a.m. · 45 views

Firefox < 14.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 14.0 and thus is potentially affected by the following security issues: - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949) - An error related to drag and drop can all...

CVSS 10 · AI score 8.4 · EPSS 0.05001
Exploits 1 · References 32

htbridge
added 2011/02/17 12:0 a.m. · 27 views

Installation Path Disclosure Weakness in Tribiq CMS | HTB22857

High-Tech Bridge SA Security Research Lab has discovered a weakness in Tribiq CMS which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in Tribiq CMS: CVE-2011-2727 The weakness exists due to application reveals the full path to...

CVSS 4.3 · AI score 6.4 · EPSS 0.0025
Exploits 0 · Affected Software 1

0day.today
added 2011/02/12 12:0 a.m. · 22 views

Kunena < 1.5.13, < 1.6.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Vendor/Product: Kunena Vulnerable Versions: 1.5.14; 1.6.3 Vulnerability Type: SQL Injection & information leakage Risk level: High Vulnerability Details: Because parameterized queries were not used, and adequate input sanitization was not done...

AI score 7.1
Exploits 0

exploitpack
added 2011/02/11 12:0 a.m. · 9 views

Kunena 1.5.13 1.6.3 - SQL Injection

Kunena 1.5.13 1.6.3 - SQL Injection Vendor/Product: Kunena Vulnerable Versions: 1.5.14; 1.6.3 Vulnerability Type: SQL Injection & information leakage Risk level: High Vulnerability Details: Because parameterized queries were not used, and adequate input sanitization was not done on the catids...

AI score 0.4
Exploits 0