16 matches found
EUVD-2020-6017
Malware in sbrugna...
EUVD-2019-8375
Malware in sbrugna...
EUVD-2015-5010
Malware in sbrugna...
PT-2025-29780 · Unknown · Md Yeasin Ul Haider Url Shortener
Name of the Vulnerable Software and Affected Versions: Md Yeasin Ul Haider URL Shortener versions through 3.0.7 Description: The software contains a deserialization of untrusted data issue that allows object injection. Recommendations: Update Md Yeasin Ul Haider URL Shortener to a version later...
Command injection
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function...
Code injection
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox 110...
Exploit for CVE-2022-25765
Exploit for CVE-2022-25765 pdfkit - Command Injection...
CVE-2022-25765
The package pdfkit from 0.0.0 is vulnerable to Command Injection where the URL is not properly sanitized...
CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2020-7625
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...
CVE-2017-17511
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c...
CVE-2017-17517
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2016-1498
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL...
CVE-2010-0544
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL...
FLDS 1.2a - 'redir.php' SQL Injection
Free Links Directory Script id SQL Injection Vulnerability Author: nuclear site: http://flds-script.com vuln: http://localhost/path/redir.php?id=-1%20UNION%20SELECT%201,2,@@version,4,5,6,7,8,9,10,11/ vulnerable code: $ida = $_GET['id']; $link = mysql_fetch_array(mysql_query("select * from links where...
BBS E-Market Professional - Full Path Disclosure File Inclusion
BBS E-Market Professional - Full Path Disclosure File Inclusion ECHOADV06$2004 Multiple vulnerabilities in BBS E-Market Professional...