140 matches found
CVE-2018-10061
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENTQUOTES flag these calls occur when the htmlescape function in lib/html.php is not used...
CVE-2018-10061
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENTQUOTES flag these calls occur when the htmlescape function in lib/html.php is not used...
UBUNTU-CVE-2018-10061
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENTQUOTES flag these calls occur when the htmlescape function in lib/html.php is not used...
web2Project 3.3 Cross Site Scripting
| | Exploit Title: web2Project cms Cross Site ScriptingXSS | Exploit Author: Ashiyane Digital security Team | Vendor Homepage : https://web2project.net/ | Software Link: https://github.com/web2project/web2project/archive/version3.3.tar.gz | Version: 3.3 | Date: 2017-11-06 | Category: Webapps |...
Subrion CMS 4.1.5 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications | Exploit Title: Subrion Cms Cross Site Scripting XSS | Exploit Author: Ashiyane Digital security Team | Vendor Homepage : https://subrion.org/ | Software Link: https://tools.subrion.org/get/latest.zip | Version: 4.1.5 | Date: 2017 - 07 - 9 |...
PHPMyWind 5.3 - Cross-Site Scripting
PHPMyWind 5.3 - Cross-Site Scripting Exploit Title:PHPMyWind 5.3 has XSS Exploit Author:小雨 Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql-GetOne"SELECT Maxorderid AS orderid FROM @message"; $orderid=...
CVE-2016-5094
Integer overflow in the phphtmlentities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...
Integer overflow
Integer overflow in the phphtmlentities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...
WordPress Welcome Announcement 1.0.5 Cross Site Scripting
Exploit Title: Wordpress Welcome Announcement Cross Site Scripting Exploit Author: bl4ckmohajem Vendor Homepage: https://wordpress.org/plugins/welcome-announcement/ Tested On: Windows7 Software Link: https://downloads.wordpress.org/plugin/welcome-announcement.1.0.5.zip Version: 1.0.5 Vulnerable...
WordPress xPinner Lite 2.2 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Wordpress xPinner Lite CSRF/XSS Exploit Author: Ashiyane Digital security Team Vendor Homepage: https://wordpress.org/plugins/xpinner-lite Software Link: https://downloads.wordpress.org/plugin/xpinner-lite.zip Version: 2.2 Tested on: windows 7 /FireFox Date: 2015-09-14 Exploit :...
[CVE-2015-2926] XSS vuln in phpTrafficA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: The user agent string provided by the browser is not sanitized nor escaped when handled. This string ...
phpTrafficA 2.3 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: The user agent string provided by the browser is not sanitized nor escaped when handled. This string ...
嘉缘人才系统多处sql注入打包
简要描述: 一次性全部打包,希望厂商重视这个问题,做好过滤。 详细说明: 这套cms存在一个很大隐患就是对于cookie的过滤。根据这个cms给出的函数可以写一个dome $v if strlen$k0 && pregmatch'/^cfg|GLOBALS/i',$k exit'Request var not allow!'; foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k = $v $k0 != '' && $$k =...
PHP 5.4SVN-2012-02-03 htmlspecialchars/entities Buffer Overflow
No description provided by source. From: cataphract Operating system: Any PHP version: 5.4SVN-2012-02-03 SVN Package: Reproducible crash Bug Type: Bug Bug description:Buffer overflow on htmlspecialchars/entities with $double=false Description: ------------ Long entities can cause a buffer overflo...
PHP 'htmlspecialchars()'函数缓冲区溢出漏洞
Bugtraq ID: 51860 PHP是一款流行的编程语言 由于循环只保证开始处40字节可用,超长实体可导致缓冲区溢出: ?php echo htmlspecialchars'"""""""""""""""""""""""""""""""""""""""""""""', ENTQUOTES, 'UTF-8', false, "\n"; 0 php 5.4SVN-2012-02-03 SVN 厂商解决方案 目前没有详细解决方案提供: http://www.php.net/...
PHP 5.4 Buffer Overflow
From: cataphract Operating system: Any PHP version: 5.4SVN-2012-02-03 SVN Package: Reproducible crash Bug Type: Bug Bug description:Buffer overflow on htmlspecialchars/entities with $double=false Description: ------------ Long entities can cause a buffer overflow because the loop only guarantees ...
PHP 5.4SVN-2012-02-03 htmlspecialchars/entities Buffer Overflow
Exploit for php platform in category dos / poc From: cataphract Operating system: Any PHP version: 5.4SVN-2012-02-03 SVN Package: Reproducible crash Bug Type: Bug Bug description:Buffer overflow on htmlspecialchars/entities with $double=false Description: ------------ Long entities can cause a...
PHP 5.4SVN-2012-02-03 - htmlspecialchars/entities Buffer Overflow
From: cataphract Operating system: Any PHP version: 5.4SVN-2012-02-03 SVN Package: Reproducible crash Bug Type: Bug Bug description:Buffer overflow on htmlspecialchars/entities with $double=false Description: ------------ Long entities can cause a buffer overflow because the loop only guarantees ...
php ireport v1.0 Remote Html Code injection
Exploit for php platform in category web applications !/usr/bin/perl Title = phpireport v1.0 = Remote Html Code injection Author = Or4nG.M4n Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar Thnks : +----------------------------------+ | xS...
CentOS Update for php CESA-2010:0040 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...