14 matches found
EUVD-2007-3291
Malware in sbrugna...
CVE-2025-29594
A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $GET'errorcode' parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scriptin...
CVE-2025-29594
A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $GET'errorcode' parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scriptin...
Design/Logic Flaw
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2023-24538
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
Cross-site Scripting (XSS)
org.wso2.carbon.ui is vulnerable to cross-site scripting. The vulnerability exists due to the improper output encoding in the errorCode parameter in the getSafeText function of login.jsp, allowing an attacker to inject and execute malicious javascript...
CVE-2016-10496
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 210/SD 212/SD 205, SD 410/12, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, A NULL pointer dereference can occur during an SSL handshake...
Null pointer dereference
Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service incorrect pointer dereference and daemon crash via a crafted packet...
某通用型校园校务系统SQL注入
简要描述: boom!!! 详细说明: 厂商:南京苏亚星资讯科技开发有限公司 校务系统输入任意用户名、密码,点击登录,报错的url存在注入漏洞 搜索引擎的案例如下: ErrorCode参数存在注入 http://www.sdwhys.com/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.zjnksyzx.com:8801/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004...
HTTP Interesting File Scanner
This module identifies the existence of interesting files in a given directory path. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Interesting File Scanner', 'Description' = %q This modu...
Sql injection
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273...
CVE-2007-3301
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273...
CVE-2007-3301
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273...