12 matches found
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
MAL-2025-154416 Malicious code in diago-kamuli-luuak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18c5c2d28f3de4af4810cc2a0e453f44c0eed5217573516e966ffefadb823189 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114500 Malicious code in hadianto-tahutek98-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9adfde7d08d8c5aa43050dd2567f56f80696c108776c253d492e52b02c9b394a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
SUSE CVE-2025-53964
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...
Adobe Document Service Code Issue Vulnerability
Adobe Document Service is a service provided by Adobe for processing documents, supporting PDF creation, editing and other functions. A code issue exists in Adobe Document Service that originates from a vulnerability that allows an attacker with administrator privileges to send a specially crafte...
LOYTEC LVIS-3ME Relative Path Traversal Vulnerability
LVIS-3ME is a graphical user interface from LOYTEC. A relative path traversal vulnerability exists in LOYTEC LVIS-3ME versions prior to 6.2.0, which can be exploited by an attacker to create or modify files, or execute arbitrary code, due to the inability of the web user interface to prevent user...
FineCMS 1.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
FineCMS 1.0 Cross Site Scripting / SQL Injection
Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: sohaip-hackerDZ Author Web:...
FineCMS 1.0 - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...
FineCMS 1.0 - Multiple Vulnerabilities
Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: sohaip-hackerDZ Author Web:...
FineCMS multi vulnerablity
Reflected XSS in getimage.php Technical Description: file /application/lib/ajax/getimage.php the $POST'id' and $POST'name' and $GET'folder' without any validated, sanitised or output encoded. Proof of ConceptPoC http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...
Exponent CMS Multiple Input Validation Vulnerabilities
Exponent CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, information-disclosure, arbitrary-file-upload, arbitrary-file-modify, and cross-site-scripting vulnerabilities...