Lucene search

14 matches found

OSV
added 2026/01/26 1:15 a.m. · 1 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8 CVSS · 5.6 AI score
Exploits 0 · References 4
CNNVD
added 2025/03/19 12:0 a.m. · 1 views

Autobib security vulnerability

Autobib is an open source command line tool for managing bibliographic records. A security vulnerability exists in Autobib 3.1.140 and earlier versions, which originates from reflected cross-site scripting and could lead to an attacker executing arbitrary JavaScript in the victim's brows...

6.1 CVSS · 6.2 AI score · 0.0023 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-25815 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.48 ELTS; TYPO3 versions prior to 10.4.45 ELTS; TYPO3 versions prior to 11.5.37 LTS; TYPO3 versions prior to 12.4.15 LTS; TYPO3 versions prior to 13.1.1. Description: The ShowImageController eID tx cms showpic lacks a...

5.3 CVSS · 7.3 AI score · 0.0005 EPSS
Exploits 0 · References 9
CVE
added 2023/12/05 3:4 a.m. · 66 views

CVE-2023-33081

CVE-2023-33081 is a Qualcomm WLAN firmware issue described as a buffer over-read in a closed-source WLAN component, causing a transient Denial of Service during OTA broadcast when converting Target Wake Time (TWT) frame parameters. The impact is a DoS that is transient and tied to the OTA TWT par...

7.5 CVSS · 7.5 AI score · 0.00147 EPSS
Exploits 0 · References 1 · Affected Software 1
SUSE CVE
added 2023/02/15 6:16 a.m. · 1 views

SUSE CVE-2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the rightframe parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS...

4.3 CVSS · 6.1 AI score · 0.01359 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2022/08/15 11:15 p.m. · 1 views

CVE-2022-38357

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/moduleframe/index.php...

8.8 CVSS · 5.8 AI score · 0.00454 EPSS
Exploits 1 · References 2
OSV
added 2019/03/21 4:1 p.m. · 0 views

CVE-2019-7418

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.2508-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc...

6.1 CVSS · 5.8 AI score · 0.00465 EPSS
Exploits 2 · References 4
OSV
added 2019/02/04 7:29 p.m. · 0 views

UBUNTU-CVE-2019-7327

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted...

6.1 CVSS · 7 AI score · 0.00262 EPSS
Exploits 1 · References 4
OSV
added 2019/02/04 7:29 p.m. · 1 views

UBUNTU-CVE-2019-7328

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted...

6.1 CVSS · 7 AI score · 0.00262 EPSS
Exploits 1 · References 4
OSV
added 2017/11/16 7:29 a.m. · 0 views

CVE-2017-12311

A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid...

5.8 CVSS · 5.8 AI score
Exploits 0 · References 3
OSV
added 2011/11/17 7:55 p.m. · 1 views

DEBIAN-CVE-2011-3646

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed jsframe parameter to phpmyadmin.css.php, which reveals the installation path in an error message...

5 CVSS · 6.7 AI score · 0.0056 EPSS
Exploits 0 · References 1
NVD
added 2011/04/27 12:55 a.m. · 12 views

CVE-2010-4792

Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter...

4.3 CVSS · 5.7 AI score · 0.04088 EPSS
Exploits 1 · References 6
Cvelist
added 2011/04/27 12:0 a.m. · 15 views

CVE-2010-4792

Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter...

5.7 AI score · 0.04088 EPSS
Exploits 1 · References 6
NVD
added 2009/03/06 11:30 a.m. · 8 views

CVE-2008-6407

Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter...

7.5 CVSS · 7.1 AI score · 0.03295 EPSS
Exploits 1 · References 3