21 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-11535

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00308
Exploits: 2 | References: 2

Packet Storm
added 2023/06/21 12:00 a.m., 4322 views

SPIP 4.2.1 Remote Code Execution

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

CVSS 9.8 | AI score 7.1 | EPSS 0.9312
Exploits: 23

VulnCheck KEV
added 2023/05/03 12:00 a.m., 1 view

VulnCheck KEV: CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8 | AI score 7.4 | EPSS 0.9312
Exploits: 23 | References: 1

Veracode
added 2023/03/13 5:57 a.m., 36 views

Remote Code Execution (RCE)

SPIP is vulnerable to Remote Code Execution (RCE). The vulnerability exists because of the improper sanitization of form values in the public area, allowing an attacker to inject and execute malicious code...

CVSS 9.8 | AI score 9.3 | EPSS 0.9312
Exploits: 23 | References: 9 | Affected Software: 1

OSV
added 2023/02/28 8:15 p.m., 3 views

DEBIAN-CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8 | AI score 8.7 | EPSS 0.9312
Exploits: 23 | References: 1

UbuntuCve
added 2023/02/28 8:15 p.m., 41 views

CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8 | AI score 7.3 | EPSS 0.9312
Exploits: 23 | References: 9

OSV
added 2023/02/28 8:15 p.m., 1 view

UBUNTU-CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8 | AI score 7.4 | EPSS 0.9312
Exploits: 23 | References: 10

Debian CVE
added 2023/02/28 12:00 a.m., 60 views

CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8 | AI score 9.8 | EPSS 0.9312
Exploits: 23

NVD
added 2021/10/05 10:15 p.m., 9 views

CVE-2021-33849

A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload...

CVSS 5.4 | EPSS 0.02191
Exploits: 1 | References: 2

NVD
added 2021/08/03 7:15 p.m., 12 views

CVE-2021-33323

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user...

CVSS 7.5 | EPSS 0.00417
Exploits: 0 | References: 2

CNNVD
added 2021/08/03 12:00 a.m., 0 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

CVSS 7.5 | AI score 5.6 | EPSS 0.00417
Exploits: 0 | References: 2

Friends Of PHP
added 2021/06/21 5:00 p.m., 15 views

Form validation can be skipped in neos/form

Impact: By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. We consider the severity low because it is not possible to change any form values since the form state is secured with an HMAC that is still verified. That means that...

CVSS 6.5 | AI score 5.9 | EPSS 0.00396
Exploits: 0 | Affected Software: 1

NVD
added 2021/02/26 3:15 p.m., 8 views

CVE-2021-3010

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

CVSS 5.4 | EPSS 0.00187
Exploits: 1 | References: 2

OSV
added 2021/02/26 3:15 p.m., 1 view

CVE-2021-3010

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 2

Prion
added 2021/02/26 3:15 p.m., 8 views

Cross site scripting

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

CVSS 3.5 | AI score 5.4 | EPSS 0.00187
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/02/26 2:12 p.m., 10 views

CVE-2021-3010

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

AI score 5.7 | EPSS 0.00187
Exploits: 1 | References: 2

CNNVD
added 2021/02/26 12:00 a.m., 2 views

OpenText cross-site scripting vulnerability

OpenText Content Server is a secure enterprise mobile content management system. A cross-site scripting vulnerability exists in OpenText Content Server 'multiple', which can be exploited by a remote attacker to introduce arbitrary JavaScript by creating malicious form values that will not be...

CVSS 5.4 | AI score 6 | EPSS 0.00187
Exploits: 1 | References: 3

PyPA
added 2014/09/30 2:55 p.m., 4 views

PYSEC-2014-33

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...

CVSS 4.3 | AI score 6.9 | EPSS 0.00319
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2010/04/06 4:30 p.m., 10 views

Design/Logic Flaw

Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors...

CVSS 9.3 | AI score 7.4 | EPSS 0.00395
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2007/11/15 1:00 a.m., 54 views

CVE-2007-4695

The CVE-2007-4695 issue affects Apple Mac OS X 10.4 through 10.4.10 and Mac OS X Server 10.4 through 10.4.10, where a WebCore input-validation flaw in HTML form handling may allow remote attackers to modify form field values via unknown vectors related to file uploads. The underlying defect is an...

CVSS 4.3 | AI score 6.8 | EPSS 0.00481
Exploits: 1 | References: 8 | Affected Software: 2