20 matches found
Foxit PDF Editor Security Vulnerability
Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Editor that stems from improperly cleaned input in the predefined text function, which could lead to stored cross-site scripting...
EUVD-2025-4971
Malicious code in bioql PyPI...
EUVD-2024-2599
Malicious code in bioql PyPI...
EUVD-2021-28347
Malicious code in bioql PyPI...
CVE-2025-6078
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note...
CVE-2013-10034
CVE-2013-10034 affects Kaseya KServer versions prior to 6.3.0.2. The vulnerability is an unrestricted file upload via the vulnerable uploadImage.asp endpoint, allowing unauthenticated upload of files to arbitrary paths through a crafted filename in a multipart/form-data POST. A file with an .asp ...
CVE-2025-34047
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...
CVE-2025-34047 Leadsec VPN Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...
WordPress plugin YITH WooCommerce Wishlist Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-20114
A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability b...
CVE-2025-33024
CVE-2025-33024 affects RUGGEDCOM ROX MX5000/MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, and RX5000 (all versions before V2.16.5). The tcpdump tool in the devices’ web interface is vulnerable due to missing server-side input sanitization, allowing an authenticated remote attacker to ex...
Ubuntu: Security Advisory (USN-7355-1)
The remote host is missing an update for the...
CVE-2022-3183
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability...
CVE-2018-18879
CVE-2018-18879 concerns the Columbia Weather MicroServer firmware (MS_2.6.9900 and earlier) where an authenticated web user can pipe commands directly to the underlying OS because input in networkdiags.php is not sanitized. This is a code injection vulnerability with a CVSS v3 base score of 9.8 (...
Smarty: Multiple vulnerabilities
Background: Smarty is a template engine for PHP. Description: Multiple vulnerabilities have been discovered in Smarty: The vendor reported that the modifier.regexreplace.php plug-in contains an input sanitation flaw related to the ASCII NUL character (CVE-2008-1066). The vendor reported that the...
SoftBiz Web Hosting Directory Script 1.1 - review.php?sbres_id SQL Injection
SoftBiz Web Hosting Directory Script 1.1 - review.php?sbres_id SQL Injection source: https://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplie...
Vortex Portal 2.0 - content.php?act Remote File Inclusion
Vortex Portal 2.0 - content.php?act Remote File Inclusion source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. It is...
[SA13357] Serendipity "searchTerm" Cross-Site Scripting Vulnerability
TITLE: Serendipity "searchTerm" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA13357 VERIFY ADVISORY: http://secunia.com/advisories/13357/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Serendipity 0.x http://secunia.com/product/3969/ DESCRIPTION:...
PSNews 1.1 - No Cross-Site Scripting
PSNews 1.1 - No Cross-Site Scripting source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI...
CVSTrac filediff Arbitrary Remote Code Execution
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. Nessus has determined the vulnerability...