PT-2025-21644 · Pnetlab · Pnetlab
Name of the Vulnerable Software and Affected Versions: PNETLab version 4.2.10. Description: The issue arises from the application's failure to properly sanitize user inputs in its file access mechanisms, allowing attackers to perform directory traversal by manipulating file paths in HTTP requests...
Cross-Site Scripting (XSS)
org.apache.felix, org.apache.felix.http.webconsoleplugin is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper neutralization of user input during web page generation, allowing an attacker to inject and execute malicious scripts in a victim’s browser through improperly...
Cross site scripting
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
Vaadin Framework < 6.6.7 / 6.7.0 Multiple Vulnerabilities
Vaadin Framework is prone to multiple cross-site scripting, information disclosure, and security bypass vulnerabilities because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced...
Simpnews 2.x - Wap_short_news.php Remote File Inclusion
Source: https://www.securityfocus.com/bid/18410/info Simpnews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Netzbrett 1.5.1 - P_Entry SQL Injection
Source: https://www.securityfocus.com/bid/15593/info Netzbrett is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation cou...
Ocean12 Calendar Manager 1.0 - Admin Form SQL Injection
Source: https://www.securityfocus.com/bid/13279/info Ocean12 Calendar Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromis...