CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

Ashkon Simple Startup Manager buffer error vulnerability

Ashkon Simple Startup Manager is a system optimization tool developed by the American company Ashkon. Version 1.17 of Ashkon Simple Startup Manager contains a buffer overflow vulnerability; this vulnerability stems from local buffer overflows in File input parameters, which may allow for the...

CVE-2021-47841 SnipCommand 0.1.0 - Persistent Cross-Site Scripting

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

CVE-2021-47841

CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...

CVE-2021-47841 SnipCommand 0.1.0 - Persistent Cross-Site Scripting

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

PT-2026-3296

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

Tagstoo Cross-Site Scripting Vulnerability

Tagstoo is a tag-based file manager developed by Pablo Andueza. Version 2.0.1 of Tagstoo contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of file or custom tag inputs, which may lead to storage-based cross-site scripting attacks...

VMCPlayer 1.0 - Denial of Service

VMCPlayer 1.0 - Denial of Service done by BraniX www.hackers.org.pl found: 2011.03.22 published: 2011.03.22 tested on: Windows XP SP3 Home Edition App: VMCPlayer 1.0 App Url: http://files.videomobileconverter.com/vmcplayer.exe VMCPlayer.exe MD5: 8a98ffbb404731f8f5ffbf3eaf30a327 VMCPlayer can be...

Tomato Gallery 1.2 (logged only) Persistant Xss Vunerability

Exploit for php platform in category web applications author: lemlajt software link: http://tomatogallery.yzx.se/ version: 1.2 tested on: linux cve : poc0.1 : 1. http://localhost/www/cmsadmins/tomatogallery12/edit/index.php 2. click @ "Add Separator" and type: bla'';!--alert document.cookie=& in...

Opera Browser Multiple Vulnerabilities july-10 (Win01)

The host is installed with Opera web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnwin01july10.nasl 5323 2017-02-17 08:49:23Z teissa $ Opera Browser Multiple Vulnerabilities july-10 Win01 Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone...

CVE-2010-2658

Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site...

File inputs can disclose the path to selected files – Opera Security Advisories

File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...

Opera < 10.54 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues : - Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system MS10-032 954 - It may be possible to use data URIs in a...