30 matches found
Directory traversal
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories...
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories...
CVE-2021-39500
CVE-2021-39500 (EyouCMS 1.5.4) is a directory traversal vulnerability caused by a lack of input validation in the parameters tpldir, filename, type, and nid, allowing an attacker to inject "../" to escape and write files to writable directories. Connected sources corroborate the issue across mult...
The vulnerability in the web console of the Apache ActiveMQ software platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Apache ActiveMQ software platform’s web administration consoles is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
WordPress 'Non-Strict Mode' Multiple Cross-Site Scripting Vulnerabilities - Linux
WordPress is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Habari 0.5.1 'habari_username' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31794/info Habari is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of...
Primo Interactive CMS - pcm.cgi Remote Command Execution
Primo Interactive CMS - pcm.cgi Remote Command Execution source: https://www.securityfocus.com/bid/66549/info Primo Interactive CMS is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...
Ovidentia 6.6.5 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30735/info Ovidentia is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
SynCE 0.92 - vdccm Daemon Remote Command Injection
SynCE 0.92 - vdccm Daemon Remote Command Injection source: https://www.securityfocus.com/bid/27178/info SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands in th...