32 matches found
CVE-2025-23110
An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...
CVE-2024-55224
An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
PT-2022-27723 · Aerocms · Aerocms
Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field in the add post.php file. This enables the execution of malicious code,...
Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Got to Page Generator - Keywords - Add Keyword and put the following payload in the "Terms" field then...
Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2018-08254)
Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in Monstra CMS version 3.0.4. A remote attacker can exploit the...
WebMod 0.48 (Content-Length) Remote Buffer Overflow Exploit PoC
Exploit for unknown platform in category remote exploits =============================================================== WebMod 0.48 Content-Length Remote Buffer Overflow Exploit PoC =============================================================== / WebMod Stack Buffer Overflow by cybermind Kevin...
ATutor 1.5.1 - 'password_reminder.php' SQL Injection
source: https://www.securityfocus.com/bid/14831/info ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
Advanced Guestbook 2.2 - Password SQL Injection
Advanced Guestbook 2.2 - Password SQL Injection source: https://www.securityfocus.com/bid/10209/info It has been reported that Advanced Guestbook is prone to a SQL injection vulnerability that could allow an attacker to gain administrative access to the application. This issue is reported to exis...
Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service
Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service source: https://www.securityfocus.com/bid/1999/info Network Associates WebShield SMTP is an email virus scanner designed for internet gateways. In the event that WebShield SMTP receives an outgoing email...
Debian 2.x RedHat 6.2 IRIX 56 Solaris 2.x - Mail Reply-To Field
Debian 2.x RedHat 6.2 IRIX 56 Solaris 2.x - Mail Reply-To Field source: https://www.securityfocus.com/bid/1910/info mail is a simple console e-mail client. A vulnerability exists in several vendors' distributions of this program. An attacker can compose an email message with a carefully-formed...
Microsoft Outlook 97/98/2000 / Outlook Express 4.0/5.0 - GMT Field Buffer Overflow (2)
source: https://www.securityfocus.com/bid/1481/info All versions of Microsoft Outlook and Outlook Express are vulnerable to buffer overflow attacks where a remote user is capable of executing arbitrary code on an email recipient's system. The problem lies in how Outlook and Outlook Express handle...