Cross-site Scripting (XSS)
dolibarr/dolibarr is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of proper escaping of the variables in carte.php, allowing arbitrary scripts to be executed...
Cross-site Scripting (XSS)
@ckeditor/ckeditor5-link is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of escaping for the a href attributes, allowing arbitrary scripts to be executed...
Unrestricted file upload
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker-controlled code on the file system that is then executed...
Cross-site Scripting (XSS)
cloudcmd is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the improper sanitization of filenames, which allows arbitrary JavaScript code to be executed when rendered...
Cross-site Scripting (XSS)
public is vulnerable to persistent cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of filenames, allowing arbitrary script to be stored in them and subsequently executed when served...
LineageOS 14.1 Blueborne Remote Code Execution
Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LineageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing purposes ONLY. Code in exp4.py More info in...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the paramValue variable found in AjaxRequestBuilder, allowing malicious scripts to be executed when the values are displayed...
CVE-2018-6533
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code a larger...
CVE-2017-17832
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability, as user-supplied data is not validated/sanitized when passed in the settingsSMSALERTTYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page)...
CVE-2017-15936
In Artica Pandora FMS version 7.0, an attacker with write permission can create an agent with an XSS payload; when a user enters the agent definitions page, the script will get executed...
Cisco NX-OS Python Scripting Engine Elevation of Privilege Vulnerability
Cisco NX-OS software is a data center-class operating system that embodies modular design, sustainability, and maintainability. A security vulnerability exists in Cisco NX-OS that allows a user with locally executable Python scripts to elevate privileges on the Python subsystem to execute arbitra...
CVE-2017-1352
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538...
Code injection
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538...
JVN#43534286: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

Improper access restriction (CWE-284) - CVE-2017-2144

| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L | Base Score: 5.4 |
| CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:P | Base Score: 4.0 |
...
Cross-site Scripting (XSS)
Semantic-UI is vulnerable to cross-site scripting (XSS) attacks. When the data-text option is added to a dropdown item, arbitrary script can be executed when a user clicks on the dropdown item...
CVE-2017-1122
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174...
WordPress: Wordpress 4.7.2 - Two XSS in Media Upload when file too large.
Description: An attacker can inject a malicious script into the filename of a file which a victim tries to upload, leading to XSS inside the administrator's control panel. Two different "file too large" cases end up interpolating the file name and appending it into the DOM unsanitized, leadi...
CVE-2016-7787
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user...