120 matches found
Static Code Injection in collectiveaccess/pawtucket2
Description This is with reference to another SSRF report I made https://huntr.dev/bounties/43505ece-7d5e-44b8-a7a3-69bd42d0ad02/ in which the fix was to filter external src from images. Pawtucket2 makes use of the same code as Providence to filter HTML, however it does not include the new fix...
CVE-2021-22899
creationtimestamp | type | source
---|---|---
2021-04-20 15:25:01+00:00 | seen | https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus12/2021
2021-04-21 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=570
2021-07-29 17:59:02+00:00 | seen | https://t.me/RussianOSINT/875...
CVE-2021-20443
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality such as a library from a source that is outside of the intended control sphere. IBM X-Force ID: 196619...
UBUNTU-CVE-2020-11986
To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...
curl: Insecure Frame (External)
Summary: Insecure Frame External Steps To Reproduce: Vulnerability Details identified an external insecure or misconfigured iframe. Remedy Apply sandboxing in inline frame For untrusted content, avoid the usage of seamless attribute and allow-top-navigation, allow-popups and allow-scripts in...
CVE-2019-10139
creationtimestamp | type | source
---|---|---
2019-05-17 16:51:42+00:00 | seen | https://t.me/cvemitreorg/53...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...
CVE-2015-7980
Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...
CVE-2017-5618
creationtimestamp | type | source
---|---|---
2017-07-11 02:04:41+00:00 | published-proof-of-concept | https://t.me/HackingPublicoficial/162
2025-10-05 03:00:06+00:00 | published-proof-of-concept | Telegram/SumV8avL7Sbl1SJPErB4-ULAsTbHoJ55HPswnJfdlCjxM
2025-10-07 21:02:38+00:00 | seen | ...
CVE-2017-0120
creationtimestamp | type | source
---|---|---
2017-03-20 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41655...
CVE-2016-5847
creationtimestamp | type | source
---|---|---
2016-08-10 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/40230...
CVE-2016-1839
creationtimestamp | type | source
---|---|---
2016-02-24 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39491...
CVE-2015-4387
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2014-3749
creationtimestamp | type | source
---|---|---
2014-05-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39187...
CVE-2013-7278
creationtimestamp | type | source
---|---|---
2013-12-30 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38935...
FreeBSD : typo3 -- Remote Code Execution (3c957a3e-2978-11e1-89b4-001ec9578670)
The typo3 security team reports: A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation. This is caused by a PHP file, which is part of the workspaces system extension, that does not validat...
CVE-2011-2523
creationtimestamp | type | source
---|---|---
2011-07-05 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/17491
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd234backdoor.rb
2019-11-28 00:31:21+00:00 | seen | ...
GREED 0.81 - .GRX File List Command Execution
GREED 0.81 - .GRX File List Command Execution. source: https://www.securityfocus.com/bid/12034/info greed (Get and Resume Elite Edition) is prone to unauthorized command execution. This issue is exposed when the application processes a GRX file list that specifies shell metacharacters and commands i...
CVE-2024-2056
creationtimestamp | type | source
---|---|---
2000-12-31 23:00:00+00:00 | seen | http://takeonme.org/cve/
2024-03-05 21:26:38+00:00 | seen | https://t.me/ctinow/200709
2024-03-05 21:26:51+00:00 | seen | https://t.me/ctinow/200718...