Lucene search

21 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-25854

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.01214
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-27376

Malware in sbrugna...

CVSS 5.4 · AI score 5.6 · EPSS 0.00191
Exploits 1 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-46122

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.0117
Exploits 0 · References 1
Positive Technologies
added 2022/09/06 12:0 a.m. · 2 views

PT-2022-4659

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.18.6 Go versions 1.19.x prior to 1.19.1 Description The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial ...

CVSS 10 · AI score 5.8 · EPSS 0.94438
Exploits 91 · References 456
Positive Technologies
added 2022/09/01 12:0 a.m. · 3 views

PT-2022-4593 · Weave · Weave Gitops Enterprise

Name of the Vulnerable Software and Affected Versions: Weave GitOps Enterprise versions prior to 0.9.0-rc.5 Description: The issue is related to a lack of input data sanitization, which can be exploited by a remote attacker to conduct a cross-site scripting XSS attack using a specially crafted...

CVSS 7.5 · AI score 5.2 · EPSS 0.00322
Exploits 1 · References 8
Positive Technologies
added 2022/04/12 12:0 a.m. · 4 views

PT-2022-3559 · Aethon · Aethon Tug Home Base Server

Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to the lack of input data sanitization in the "Загрузки" component of the TUG Home Base Server, which can lead to a remote attacker conducting a...

CVSS 9 · AI score 6 · EPSS 0.0088
Exploits 0 · References 4
Positive Technologies
added 2022/04/12 12:0 a.m. · 4 views

PT-2022-3560 · Aethon · Tug Home Base Server

Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to the lack of input data sanitization in the "Reports" component of the TUG Home Base Server, which can allow a remote attacker to conduct a cross-sit...

CVSS 9 · AI score 5.4 · EPSS 0.00663
Exploits 0 · References 4
Cvelist
added 2022/03/28 3:8 p.m. · 8 views

CVE-2021-44124

Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through the device's File System over HTTP...

AI score 7.7 · EPSS 0.00431
Exploits 1 · References 2
Prion
added 2021/10/11 2:15 p.m. · 26 views

Cross site scripting

Dzzoffice Version 2.02.1 is affected by cross-site scripting XSS due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...

CVSS 3.5 · AI score 5.3 · EPSS 0.00191
Exploits 1 · References 1 · Affected Software 1
NVD
added 2021/10/11 1:15 p.m. · 9 views

CVE-2021-40543

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['profid'] in the PasswordCheck.php file...

CVSS 9.8 · EPSS 0.00245
Exploits 1 · References 1
OSV
added 2021/10/11 1:15 p.m. · 10 views

CVE-2021-40543

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['profid'] in the PasswordCheck.php file...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 1
OSV
added 2021/09/07 9:15 p.m. · 10 views

CVE-2021-39500

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories...

CVSS 7.5 · AI score 6.8
Exploits 0 · References 2
Prion
added 2021/09/07 9:15 p.m. · 8 views

Directory traversal

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories...

CVSS 5 · AI score 7.5 · EPSS 0.0111
Exploits 0 · References 2 · Affected Software 1
NVD
added 2021/09/07 8:15 p.m. · 7 views

CVE-2021-39497

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...

CVSS 9.8 · EPSS 0.01214
Exploits 1 · References 3
CVE
added 2021/09/07 8:1 p.m. · 56 views

CVE-2021-39500

CVE-2021-39500 (EyouCMS 1.5.4) is a directory traversal vulnerability caused by a lack of input validation in the parameters tpldir, filename, type, and nid, allowing an attacker to inject "../" to escape and write files to writable directories. Connected sources corroborate the issue across mult...

CVSS 7.5 · AI score 7.4 · EPSS 0.0111
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/09/07 8:1 p.m. · 12 views

CVE-2021-39500

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories...

AI score 7.7 · EPSS 0.0111
Exploits 0 · References 2
OpenVAS
added 2015/10/12 12:0 a.m. · 40 views

WordPress 'Non-Strict Mode' Multiple Cross-Site Scripting Vulnerabilities - Linux

WordPress is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 · AI score 5.8 · EPSS 0.01607
Exploits 1 · References 3
seebug.org
added 2014/07/01 12:0 a.m. · 10 views

Habari 0.5.1 'habari_username' Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31794/info Habari is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of...

AI score 7.1
Exploits 0
exploitpack
added 2014/03/31 12:0 a.m. · 10 views

Primo Interactive CMS - pcm.cgi Remote Command Execution

Primo Interactive CMS - pcm.cgi Remote Command Execution source: https://www.securityfocus.com/bid/66549/info Primo Interactive CMS is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...

AI score 0.4
Exploits 0
Exploit DB
added 2008/08/18 12:0 a.m. · 24 views

Ovidentia 6.6.5 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/30735/info Ovidentia is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score 7.4
Exploits 0