108 matches found
PT-2022-11608 · Unknown · Visam Vbase
Name of the Vulnerable Software and Affected Versions: VISAM VBASE version 11.6.0.6 Description: The issue concerns the failure to properly neutralize user-controllable input before it is used in output for a public-facing webpage. This could potentially lead to security issues, but specific...
CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
Expression Language Injection in Apache Struts
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...
CVE-2022-0257 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Chromium: CVE-2021-38015 Inappropriate implementation in input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
April 9, 2019—KB4493448 (Security-only update)
April 9, 2019—KB4493448 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against Spectre Variant 2 CVE-2017-5715 and Meltdown CVE-2017-5754 for VIA-based computers. These protections are enabled by default fo...
CVE-2018-10539
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocop...
Directory Traversal
gyfserver is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
FS Grubhub Clone 1.0 - keywords SQL Injection
FS Grubhub Clone 1.0 - keywords SQL Injection Ver Ayari...
MGASA-2016-0390 Updated gnuchess packages fix security vulnerability
gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess CVE-2015-8972...
WordPress SupportEzzy Ticket System Plugin 1.2.5 - Stored XSS
SupportEzzy Ticket System plugin is prone to the vulnerability that allows run XSS payloads and use sample payload to test. Also, URL input is not secure. Solution Filter the input field...
CVE-2010-3933
CVE-2010-3933 affects Ruby on Rails 2.3.9 and 3.0.0, where nested attributes are not handled securely. The root cause is improper handling of nested attributes, enabling a remote attacker to modify arbitrary records by altering parameter names for form inputs. Reports in connected sources corrobo...
CMSQLite - SQL Injection
CMSQLite - SQL Injection Vulnerability ID: HTB22462 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincmsqlite1.html Product: CMSQLite Vendor: CMSQLite-Team Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 29 June 2010 Vulnerability Type: SQL Injection...
CVE-2010-2230
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting XSS attacks via HTML input...
exophpdesk-sql.txt
ExoPHPdesk user profile XSS / profile SQL injection http://exoscripts.com/exohelpdesk You can inject script code into the website area where you create profile. Cookies are in place making an XSS more than possible. http://example.com/helpdesk/index.php?fn=profile&s=&user=admin' sql here SQL...
Indexu 5.05.3 - user_detail.php?u Cross-Site Scripting
Indexu 5.05.3 - userdetail.php?u Cross-Site Scripting source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script cod...
DanPHPSupport 0.5 - 'admin.php?do' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...
QwikiWiki v1.4 XSS Vulnerability
Software - QwikiWiki Version - v1.4 Type - XSS Vulnerability Powered by QwikiWiki v1.4 - www.qwikiwiki.com Examples: http://host/index.php?page="body bgcolor="black"/body http://host/index.php?page="alertdocument.cookie;/script Found by Dr^Death of Suicide Scene Internet Security Group 2006...
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web...