136 matches found
PT-2022-27092 · D8S-Htm +2 · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0; democritus-math, affected versions not specified. Description: A potential code-execution backdoor was inserted by a third party into the d8s-stats package for Python distributed on PyPI. The democritus-math package also contains ...
PT-2022-27095 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-xml version 0.1.0; d8s-htm version 0.1.0. Description: The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is...
PT-2022-27089 · Pypi +1 · D8S-Urls +2
Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0; d8s-urls, affected versions not specified; democritus-domains, affected versions not specified. Description: A potential code-execution backdoor was inserted by a third party in the d8s-urls package for Python, as distributed on PyP...
PT-2022-37360 · Unknown +2 · Democritus-Domains +2
Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0; democritus-domains, affected versions not specified. Description: A potential code-execution backdoor was inserted by a third party into the d8s-urls package for Python distributed on PyPI. The democritus-domains package also...
PT-2022-37354 · Unknown +2 · Democritus-Domains +2
Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0; democritus-domains, affected versions not specified. Description: A potential code-execution backdoor was inserted by a third party into the d8s-urls package for Python distributed on PyPI. The democritus-domains package also...
PT-2022-37393 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-timer version not specified; d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party in the d8s-timer package distributed on PyPI. Another package, democritus-uuids, also contains a potential co...
PT-2022-37344 · Pypi · Democritus-Json +2
Name of the Vulnerable Software and Affected Versions: d8s-networking version not specified; d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party in the d8s-networking package distributed on PyPI. Additionally, the democritus-json package also contai...
PT-2022-27093 · D8S-Htm +1 · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0; d8s-dates, affected versions not specified; democritus-timezones, affected versions not specified. Description: A potential code-execution backdoor was inserted by a third party in the d8s-dates package for Python, distribut...
PT-2022-37345 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-networking, affected versions not specified; d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python, distributed on PyPI. Another affected package is...
PT-2022-37371 · Pypi +1 · Democritus-Json +2
Name of the Vulnerable Software and Affected Versions: d8s-networking version not specified; d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python distributed on PyPI. Another affected package is...
CVE-2022-43305
The d8s-python package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The potential code-execution backdoor inserted by the third party is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...
PT-2022-37347 · Unknown +2 · Democritus-Algorithms +2
Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0; democritus-algorithms, affected versions not specified. Description: A potential code-execution backdoor was inserted by a third party into the d8s-python package distributed on PyPI. The democritus-algorithms package also...
CVE-2022-44054
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The potential code-execution backdoor inserted by the third party is the democritus-utility package. The affected version of d8s-htm is 0.1.0...
Cross-site Scripting (XSS) - Stored in requarks/wiki
Description Stored XSS can be performed by malicious XML / HTM files. There is no check in place to prevent such files from being uploaded. Proof of Concept 1 XML 1: Upload the following file as payload.xml: alert1 alert2 confirmdocument.domain Hello http://google.com Proof of Concept 2 HTM 2:...
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
Design/Logic Flaw
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
CVE-2020-18114
CVE-2020-18114 affects DedeCMS V5.7SP2, with an arbitrary file upload vulnerability in the /uploads/dede component that allows uploading a webshell in HTM format. This enables remote code execution via a crafted HTM upload, per the description in the CVE entry. Connected sources corroborate the s...
CVE-2021-34223
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...
CVE-2020-20642
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn...