16 matches found
EUVD-2004-2393
Malware in sbrugna...
CVE-2020-25872
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter...
CVE-2020-29134
CVE-2020-29134 (Totvs Fluig platform) affects Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4, via a base64-encoded directory traversal in the parameter file. Root cause: path traversal enabling access to filesystem and sensitive files. Impact (as described): reading of sensitive XML files that may...
ThinkAdmin Directory Traversal Vulnerability
ThinkAdmin is a backend management framework built on the latest ThinkPHP V6, open source under the MIT license. ThinkAdmin v6 has a directory traversal vulnerability. Attackers can use the GET request encode parameter to exploit the vulnerability to read arbitrary files on a remote...
Instacart: Reflected File Download on recipe list search
Hi guys, Right now I'm searching for JSON issues on your API so I started to go deep into the XHR requests. When I noticed the following request:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
Directory traversal
Directory traversal vulnerability in viewfile.php in ARWScripts Fonts Script allows remote attackers to read arbitrary local files via directory traversal sequences in a base64-encoded f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third par...
Path traversal
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter...
CVE-2006-6223
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter...
CVE-2006-6223
The vulnerability CVE-2006-6223 affects Google Mini and Google Search Appliance. Both products fail to handle UTF-7 encoded URIs, which may allow a remote, unauthenticated attacker to inject arbitrary content (including script) into web pages, potentially reading or modifying page data and relate...
CVE-2006-5219
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in loginerror.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter...
CVE-2006-2653
Cross-site scripting (XSS) vulnerability in loginerror.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter...
CVE-2004-2402
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect...