EUVD-2019-7284

Malware in sbrugna...

EUVD-2019-17813

Malware in sbrugna...

EUVD-2007-6097

Malware in sbrugna...

CMS NaiveScripters 3.0.1 Cross Site Scripting

==================================================================================================================================== | Title : CMS NaiveScripters v3.0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 62.0.3 32-bit | |...

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57822)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which stems from the events.php file displaying the 'limit' parameter value without arbitrar...

SQL Injection

ZoneMinder has SQL Injection via the skins/classic/views/events.php filterQueryterms0cnj parameter...

CVE-2019-8423

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filterQueryterms0cnj parameter...

Sql injection

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filterQueryterms0cnj parameter...

CVE-2019-8423

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filterQueryterms0cnj parameter...

CVE-2019-8423

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filterQueryterms0cnj parameter...

CVE-2019-8423

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filterQueryterms0cnj parameter...

Cross site scripting

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

UBUNTU-CVE-2019-7337

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

CVE-2019-7337

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...

vcssdpa.com XSS vulnerability

Open Bug Bounty ID: OBB-635406 Description| Value ---|--- Affected Website:| vcssdpa.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

nesssoftware.com XSS vulnerability

Open Bug Bounty ID: OBB-610529 Description| Value ---|--- Affected Website:| nesssoftware.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

pwcusa.org XSS vulnerability

Vulnerable URL: http://www.pwcusa.org/events.php?chapter=1"...

Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities

No description provided by source. Author : BeyazKurt Contact : [email protected] Script : Ppim v1.0 Bu ne bicim script adidir amk :D Download : http://scripts.ringsworld.com/organizers/ppim.zip D0rk : inurl:events.php?listallevents File Delete Vulnerability: upload.php...

Server: Privilege escalation in the calendar application

Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the "calendarid" GET parameter to /apps/calendar/ajax/events.php Note: Successful exploitation of this privilege escalation requires the "calendar" app to be enabl...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter in a setup action to admin/company.php, or the PATHINFO to 2 admin/securityother.php, 3 admin/events.php, or 4 admin/user.php...