CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
openSUSE 15 Security Update : zabbix (openSUSE-SU-2024:0064-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0064-1 advisory. - The cause of vulnerability is improper validation of form input field Name on Graph page in Items section. CVE-2024-22119 Note that Nessus has not test...
PT-2022-18477 · Hcl · Hcl Notes
Name of the Vulnerable Software and Affected Versions: HCL iNotes (affected versions not specified). Description: The issue is caused by improper validation of user-supplied input in a form POST request, leading to a Reflected Cross-site Scripting (XSS) vulnerability. A remote attacker could exploit...
Sql injection
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
CVE-2018-11773
Apache VCL exposes a vulnerability in versions 2.1–2.5 where submitted block allocation form input is not properly validated and is passed to PHP’s strtotime, enabling exploitation of that function’s behavior. The advisory notes that versions earlier than 2.5.1 should be upgraded or patched; upgr...
IIS 5.0 Sample App vulnerable to cross-site scripting attack
The script /iissamples/sdk/asp/interaction/FormJScript.asp or FormVBScript.asp allows you to insert information into a form field and once submitted re-displays the page, printing the text you entered. This .asp doesn SPDX-FileCopyrightText: 2000 Matt Moore Some text descriptions might be excerpt...
xNewsletter 1.0 - Form Field Input Validation
source: https://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. xNewsletter does not sanitize dangerous characters fro...