2466 matches found
CVE-2021-43675
Lychee-v3 3.2.16 is affected by a Cross Site Scripting XSS vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user...
PT-2021-22693 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible use-after-free in the regmap exit function of regmap.c due to improper locking. This could lead to local escalation of privilege in the kernel, with System execution privileges...
UBUNTU-CVE-2021-4093
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...
Was threat actor KAX17 de-anonymizing the Tor network?
A mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to...
Cross site scripting
dzzoffice 2.02.1SCUTF8 is affected by a Cross Site Scripting XSS vulnerability in explorerfile.php. The output of the exit function is printed for the user via exitjsonencode$return...
Cross site scripting
pictshare v1.5 is affected by a Cross Site Scripting XSS vulnerability in api/info.php. The exit function will terminate the script and print the message which has $REQUEST'hash'...
Thinkphp-Bjyblog 跨站脚本漏洞
Thinkphp-Bjyblog is an open source blog based on ThinkPhp developed by Baijunyao, an individual developer in China. A cross-site scripting vulnerability exists in Thinkphp-Bjyblog because the exit function in the product AdminBaseController.class.php file does not effectively filter input data. T...
Haschek Solutions Pictshare 跨站脚本漏洞
Haschek Solutions Pictshare is an open source image, Mp4, Pastebin hosting service from Haschek Solutions, Austria. A cross-site scripting vulnerability exists in Haschek Solutions Pictshare that stems from the exit function in the product api/info.php file not effectively filtering input data. T...
Yurunsoft YurunProxy 跨站脚本漏洞
Yurunsoft YurunProxy is a simple version of Ngrok from China's Yurunsoft, a Swoole-based intranet launcher that supports local WeChat development, Web development, and allows extranet access. A security vulnerability exists in Yurunsoft YurunProxy version 0.01, which originates from the program's...
Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability
Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...
Manage 跨站脚本漏洞
Manage is a simple login and registration system based on Vue-Cli and Thinkphp. A cross-site scripting vulnerability exists in manage, which stems from a cross-site scripting XSS vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script an...
CVE-2021-43697
Workerman-ThinkPHP-Redis last update Mar 16, 2018 is affected by a Cross Site Scripting XSS vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $GETC'VARJSONPHANDLER' then there is a XSS vulnerability...
Cross site scripting
Workerman-ThinkPHP-Redis last update Mar 16, 2018 is affected by a Cross Site Scripting XSS vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $GETC'VARJSONPHANDLER' then there is a XSS vulnerability...
Cross site scripting
twmap v2.91v4.33 is affected by a Cross Site Scripting XSS vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $REQUEST then there is a XSS vulnerability...
twmap 跨站脚本漏洞
Twmap is a Taiwan map-related document/code for China. twmap is vulnerable to a cross-site scripting vulnerability that originates in the file list.php, where the exit function will terminate the script and print a message to the user. No detailed vulnerability details are currently available...
PT-2021-23920 · Twmap · Twmap
Name of the Vulnerable Software and Affected Versions: twmap versions 2.91 through 4.33 Description: The issue is related to a Cross Site Scripting XSS vulnerability. In the file list.php, the exit function will terminate the script and print a message to the user. This message contains the $...
PhpWhois 跨站脚本漏洞
PhpWhois is a Whois library containing Php by Spanish individual developer David Saez Padros. A cross-site scripting vulnerability exists in PhpWhois, which originates in the file example.php, where the exit function will terminate the script and print a message to the user. No detailed...
getAuctionCore function returns wrong values out of order
Handle jayjonah8 Vulnerability details Impact In the AuctionEscapeHatch.sol file both earlyExitReturn and calculateMaltRequiredForExit call the getAuctionCore function which has 10 possible return values most of which are not used. It gets the wrong value back for the "active" variable since it's...
CVE-2021-32037
An assertion flaw was found in the mongodb server where an aggregation request could trigger an invariant. An authorized user could exploit this flaw by sending a relevant aggregation request to a shard, which could result in a denial of service or server exit. Requests are usually sent via mongo...
UBUNTU-CVE-2021-32037
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shar...