12 matches found
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the parseheader process. An attacker can inject arbitrary carriage return and line feed characters into HTTP headers by sending specially crafted percent-encoded values, potentially leading to response splitting or...
EUVD-2025-198183
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values...
EUVD-2005-3864
Malware in sbrugna...
EUVD-2006-2490
Malware in sbrugna...
Denial Of Service (DoS)
radare2 is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the rsleb128 function in the radare2 codebase. The function is responsible for decoding SLEB128 encoded values. The vulnerability occurs when the function fails to properly check the size of a buffer. This can all...
Carel PlantVisor 2.4.4 - Directory Traversal Vulnerability
Exploit for windows platform in category web applications Application: Carel PlantVisor http://www.carel.com/carelcom/web/eng/catalogo/prodottodett.jsp?idprodotto=310 Versions: = 2.4.4 Platforms: Windows Bug: directory traversal Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma e-mail...
Self XSS
PMASA-2016-16 Announcement-ID: PMASA-2016-16 Date: 2016-05-25 Updated: 2016-05-26 Summary Self XSS Description A specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page. Updated to include CVE ID...
CVE-2006-3929
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40PT.0b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help,...
CVE-2005-3894
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters...
CVE-2005-3869
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter...
CVE-2005-3850
Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter...