20 matches found
GHSA-C4PM-63CG-9J7H Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact: Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches: Upgrade to 7.9.0. Workarounds: Catch and discard any exceptions from...
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact: Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches: Upgrade to 7.9.0. Workarounds: Catch and discard any exceptions from...
Information leakage vulnerability in full version of TuziCMS
TuziCMS is an enterprise website management system based on the ThinkPHP 3.2 framework. TuziCMS has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...
Arbitrary file deletion vulnerability in ZZCMS full version
ZZCMS is a free and open source website building system aimed mainly at webmasters. An arbitrary file deletion vulnerability exists in the full version of ZZCMS. The vulnerability stems from a problem in the logic of admin/dl.php, which leads to the deletion of arbitrary files from...
Unauthorized Access Vulnerability in Full Version of ZZCMS
ZZCMS is a free and open source website building system aimed mainly at webmasters. An unauthorized access vulnerability exists in the full version of ZZCMS. The vulnerability stems from a problem in the logic of /admin/ad.php under the website directory; you can directly disable java or use burp to modif...
EnableQ Online Questionnaire Engine V10 Full Version Code Execution Vulnerability in Frontend
EnableQ online survey engine is a universal online survey management platform developed by Beijing Covey Nengdang Information Technology Co. A code execution vulnerability exists in the frontend of EnableQ Online Survey Engine V10 full version. An attacker can exploit the vulnerability to execute...
Stored XSS Vulnerability in Full Version of UEditor
UEditor is a WYSIWYG rich text web editor developed by Baidu's web front-end R&D department. A stored XSS vulnerability exists in all versions of UEditor. An attacker can exploit this vulnerability to execute javascript code in a file...
Reflected XSS in PHPCMS V9 full version
No description provided by source...
macCMS SQL injection affecting the full version (including the latest 7.x) - vulnerability warning - the black bar safety net
This time the test was against the latest 7.7 version of maccms from the official website, and compared with the earlier 6.x injection there are some differences: the code was refactored, and the 360 protection script was added. Prior to binding of unclaimed legacy injection, you can achieve full version of injection...
74CMS talent system v3.2 injection & full version pass rounded out the background-bug warning-the black bar safety net
Because a station with this system next to the station is also no start so went down the parts of the source code to read Set of procedures filter is still relatively full, but all versions are GBK encoding is his flawed but basically the string into the library when the author used the iconv to...
SOOP Portal Raven 1.0 Shell Upload
In The Name Of GOD. SOOP Portal Raven 1.0 fckeditor Arbitrary File Upload Vulnerability » Title : SOOP Portal Raven 1.0 fckeditor Arbitrary...
DEDECMS full version gotopage variable XSS ROOTKITS, 0DAY-vulnerability warning-the black bar safety net
Affected versions: DEDECMS full version. Vulnerability description: the gotopage variable in the DEDECMS backend login template does not validate incoming data, leading to XSS vulnerabilities. \dede\templets\login.htm, around line 65: input type="hidden" name="gotopage" value="? php if!...
Real Estate Investor Websites (testimonials.php) File Upload
Exploit for php platform in category web applications لا اله إلآ الله محمد رسول الله No god but Allah, Mohammad is the Messenger of Allah Real Estate Investor sites testimonials.php File Upload Vulnerability » Author : Al-Ghamdi » Email : email protected » : Saudi Arabi...
News Script PHP Pro (fckeditor) File Upload Vulnerability
Exploit for php platform in category web applications » Title : News Script PHP Pro fckeditor File Upload Vulnerability » Script : News Script PHP Pro » TestedON: linux/php » Download: http://newsscriptphp.com/ » Author : Net.Edit0r » Email : email protected » Date : 2010-12-26 » Version ...
News Script PHP Pro Shell Upload
» News Script PHP Pro fckeditor File Upload Vulnerability » Title : News Script PHP Pro fckeditor File Upload Vulnerability » Script : News...
News Script PHP Pro - 'FCKeditor' Arbitrary File Upload
» News Script PHP Pro fckeditor File Upload Vulnerability » Title : News Script PHP Pro fckeditor File Upload Vulnerability » Script : News...
News Script PHP Pro - FCKeditor Arbitrary File Upload
News Script PHP Pro - FCKeditor Arbitrary File Upload » News Script PHP Pro fckeditor File Upload Vulnerability » Title : News Script PHP P...
Unfixed XSS vulnerability at www.fullversionreleases.com
Security researcher ResisTance submitted on 17/01/2009 a cross-site scripting (XSS) vulnerability affecting www.fullversionreleases.com, which at the time of submission ranked 87967 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/01/2009...
Iono all version fullpath disclosure
Iono is a payment system provided by http://olate.co.uk. Google search keyword: Powered by iono. I checked the newest version and more files show the error: http://domain/path/templates/iono/admin/denied.tpl.php http://domain/path/templates/iono/admin/index.tpl.php ........ All file in...
CVE-2006-2063
Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agentaffil.pl, (2) agenthelp.pl, (3) agentfaq.pl, (4) agenthelpinsert.pl, (5)...