CVE-2026-34424

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

WordPress plugin Smart Slider 3 Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2006-3362

Malware in sbrugna...

EUVD-2011-4970

Malware in sbrugna...

EUVD-2018-9620

Malware in sbrugna...

EUVD-2009-3761

Malware in sbrugna...

CVE-2021-29387

Multiple stored cross-site scripting XSS vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters...

Design/Logic Flaw

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system as root. There are several injection points in various scripts...

PT-2023-10708 · Abus · Abus Tvip Cameras

Name of the Vulnerable Software and Affected Versions: ABUS TVIP cameras affected versions not specified Description: An issue was discovered in certain ABUS TVIP cameras, where the CGI scripts allow remote attackers to execute code via system as root. There are several injection points in variou...

CVE-2018-17879

The CVE-2018-17879 vulnerability affects ABUS TVIP cameras, where CGI scripts allow remote execution of code as root via system() with multiple injection points. Public sources (NVD, Red Hat, CVE listings) confirm this remote, unauthenticated-like capability with high impact across confidentialit...

CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points...

Command injection

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points...

CVE-2023-31868

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...

CVE-2023-31868

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...

Cross site scripting

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...

CVE-2023-31868

CVE-2023-31868 concerns Sage X3 Web, version 12.14.0.50-0, with cross-site scripting (XSS) via unsanitized user input in parts of the web app that are dynamically built. The vulnerability is triggered when HTML/JavaScript code is injected into input fields that are not validated/filtered, and suc...

PT-2023-3640 · Sage · Sage X3

Name of the Vulnerable Software and Affected Versions: Sage X3 version 12.14.0.50-0 Description: The issue is related to Cross Site Scripting XSS in the Sage X3 Web application. Some parts of the application are dynamically built using user inputs, but these inputs are not verified or filtered,...

Global Infotech CMS 1.0 SQL Injection

==================================================================================================================================== | Title : Global Infotech cms v 1.0 Sql injectioin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...

Prismatic < 2.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...

Webtareas 2.0 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Webtareas 2.0 - 'id' SQL Injection Exploit Author: Greg.Priest Vendor Homepage: http://webtareas.sourceforge.net/general/home.php Software Link: http://webtareas.sourceforge.net/general/home.php Version: Webtareas v2.0 Tested on...