CVE-2026-8134

Concrete CMS 9.5.0 and earlier fails to sanitize path traversal in the ptComposerFormLayoutSetControlCustomTemplate field when saving page-type composer form layouts. An authenticated rogue administrator with composer form editing rights can cause arbitrary readable files to be included on the se...

CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...

EUVD-2014-3778

Malware in sbrugna...

EUVD-2011-2604

Malware in sbrugna...

CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to form layout...

SUSE CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to form layout...

Foxit Reader XFA Layout Object pageSpan Method Remote Code Execution Vulnerability

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A remote code execution vulnerability exists in the pageSpan method of the XFA Layout object in Foxit Reader version 8.3.1.21155, which stems from the program failing to properly validate user-submitted data. A remot...

Joomla JE Job Component com_jejob LFI Vulnerability

No description provided by source. Name : Joomla comjejob LFI Vulnerability Date : june, 26 2010 Critical Level : HIGH Vendor Url : http://joomlaextensions.co.in/jobcomponent/ Google Dork: inurl:comjejob Price:$25.00 Author : Sid3^effects aKa HaRi shellc99atyahoo.com special thanks to : r0073r...

Cross site scripting

Cross-site scripting XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information...

CVE-2014-3841

Cross-site scripting XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information...

WordPress Contact Bank Plugin <= 2.0.19 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the Label field, related to form layout configuration. Solution Update the plugin...

CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to form layout...

Design/Logic Flaw

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to form layout...

CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to form layout...

Joomla Component com_jejob SQL Injection Vulnerability

Exploit for php platform in category web applications ====================================================== Joomla Component comjejob SQL Injection Vulnerability ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 ...