18 matches found
CVE-2023-1758 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in thorsten/phpmyfaq
Failure to Sanitize Special Elements into a Different Plane Special Element Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2022-48285
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...
CVE-2021-26092
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to...
Cross-Site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists due to a failure to sanitize href tags values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim's browser...
V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting
V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is...
CVE-2014-1845
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment...
Samsung SyncThru UpdateDriverFileServlet Directory Traversal Denial of Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the DriverFileUploadServlet servlet exposed by upload/updateDriver. The...
Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetReRequestData method of the GetStoredResult class. The issue lies in the failur...
AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution (CVE-2014-3804)
Multiple command execution vulnerabilities has been reported in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to...
Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
No description provided by source. source : http://www.securityfocus.com/bid/13421/info A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input...
Simple Message Board 2.0 beta1 Forum.CFM Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14266/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...
PNG Counter 1.0 Demo.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14392/info PNG Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web page...
PostNuke modload Module 'sid' Parameter SQL Injection Vulnerability
This host is running PostNuke and is prone SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbpostnukesqlinjvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ PostNuke modload Module 'sid' Parameter SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Network...
Autodesk Maya Script Nodes Arbitrary Command Execution
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk Maya Script Nodes Arbitrary Command Execution 1. Advisory Information Title: Autodesk Maya Script Nodes Arbitrary Command...
Autodesk SoftImage Scene TOC Arbitrary Command Execution
Exploit for unknown platform in category local exploits ======================================================== Autodesk SoftImage Scene TOC Arbitrary Command Execution ======================================================== Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution CVE-ID...
Core Security Technologies Advisory 2009.0908
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
Autodesk SoftImage Scene TOC - Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
Simple Message Board 2.0 beta1 - 'Thread.cfm' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14268/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...