1925 matches found
NULL Pointer Dereference
The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF
The plugin does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged-in user into manipulating ads and injecting arbitrary JavaScript by submitting a form. PoC...
materialize-css Cross-Site Scripting Vulnerability
materialize-css is a CSS framework based on Material Design. A security vulnerability exists in all versions of the materialize-css package: user input is parsed as HTML/JavaScript and inserted into the Document Object Model (DOM), which can be exploited by an attacker to...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-1562)
The remote host is missing an update for the Huawei EulerOS expat package. Copyright 2022 Greenbone AG (GPL-2.0-only). Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
GHSA-WR6P-J63R-XQHV Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code...
CVE-2021-46742
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability...
Design/Logic Flaw
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability...
CVE-2021-46742
The CVE-2021-46742 entry concerns Huawei HarmonyOS’s multi-window module, where unauthorized insertion and tampering of Settings.Secure data could affect availability. Public details in the documents indicate this affects HarmonyOS components related to the multi-window module, with no explicit e...
Car Rental System 1.0 SQL Injection
Car Rental System SQL Injection
Author: D4rkP0w4r
Note: log in as a customer first.
Injection point: http://192.168.1.101:8080/CarRental/booking.php?id=1
Exploit: use Burp Suite to capture the request, save it as sqlicar.txt, then run sqlmap against the saved request.
GET /CarRental/booking.php?id=1 HTTP/1.1
Host:...
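The listing above only names the injection point (the `id` parameter of booking.php). The following is an added example, not the Car Rental System's own source: an illustrative reconstruction of the string-concatenation pattern that makes such a parameter injectable, beside the prepared-statement version that closes it. The table and column names (`bookings`, `id`, `customer_id`, `car`, `pickup_date`) and the session layout are assumptions. The hardened function also binds the lookup to the logged-in customer, which goes slightly beyond the advisory: it keeps one customer from reading another's booking even once the injection is gone.

```php
<?php
// Added example, not the Car Rental System's own code. Table and column
// names are assumed for illustration.

// Vulnerable pattern: the query is assembled by concatenation, so a request
// such as booking.php?id=1 OR 1=1 (or a UNION SELECT) is executed as SQL.
function get_booking_vulnerable(mysqli $db, string $id): ?array {
    $sql = "SELECT id, customer_id, car, pickup_date FROM bookings WHERE id = " . $id;
    $result = $db->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// Hardened pattern: validate the type, then bind the value as a parameter so
// the database never interprets user input as part of the statement.
function get_booking_safe(mysqli $db, string $raw_id, int $customer_id): ?array {
    // Reject anything that is not a positive integer before it reaches SQL.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The advisory notes the injection is reachable after customer login;
    // binding customer_id from the session also prevents cross-customer reads.
    $stmt = $db->prepare(
        'SELECT id, customer_id, car, pickup_date FROM bookings WHERE id = ? AND customer_id = ?'
    );
    $stmt->bind_param('ii', $id, $customer_id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage (assumed session layout): the customer id comes from the server-side
// session, never from the request.
// session_start();
// $booking = get_booking_safe($db, $_GET['id'] ?? '', (int) $_SESSION['customer_id']);
```

The workflow in the listing, capturing the request in Burp and saving it to a file, matches sqlmap's `-r` input mode, which replays the saved request with the `id` parameter as the test target.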
Chikista Patient Management Software Cross-Site Scripting Vulnerability
Chikista Patient Management Software is a hospital/clinic management system from Chikista India. Chikista Patient Management Software 2.0.2 has a cross-site scripting vulnerability in the firstname parameter of the (1) Patient/Insertion, (2) Patient Report, (3) Appointment Report, (4) Visit Report, and (5) Billing...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation...
Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF
The plugin does not have a CSRF check in place when inserting payment notes, which could allow attackers to make a logged-in admin insert arbitrary notes via a CSRF attack...
Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF
The plugin does not have a CSRF check in place when inserting payment notes, which could allow attackers to make a logged-in admin insert arbitrary notes via a CSRF attack. PoC...
WordPress Easy Digital Downloads plugin <= 2.11.5 - Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability
An Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions <= 2.11.5. Solution: update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.6)...
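The WP Simple Adsense Insertion and Easy Digital Downloads entries describe the same root cause: an admin form handler that acts on any POST it receives, with no nonce tied to the action. The following is an added example, not code from either plugin: a generic WordPress admin form of that kind, first without the check and then with the nonce, capability and sanitization steps that close it. The option name `demo_ads_code`, the action slug `demo_ads_save`, the nonce field name and the settings page slug are assumptions chosen for illustration.

```php
<?php
// Added example, not code from WP Simple Adsense Insertion or Easy Digital
// Downloads. Option name, action slug, field names and page slug are assumed.

// Vulnerable: trusts any POST that reaches admin-post.php. A logged-in admin
// who opens an attacker page with an auto-submitting form aimed at this
// endpoint gets the option overwritten, and since nothing is filtered the
// stored value can carry <script> that later renders on the site.
function demo_ads_save_vulnerable() {
    update_option('demo_ads_code', $_POST['ads_code']);
    wp_safe_redirect(admin_url('options-general.php?page=demo-ads'));
    exit;
}

// Hardened: the form carries a nonce bound to the action; the handler
// verifies it, checks capability, and sanitizes before storing.
function demo_ads_render_form() {
    $current = get_option('demo_ads_code', '');
    echo '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '">';
    // Action "demo_ads_save" and field "demo_ads_nonce" must match the check below.
    wp_nonce_field('demo_ads_save', 'demo_ads_nonce');
    echo '<input type="hidden" name="action" value="demo_ads_save">';
    echo '<textarea name="ads_code">' . esc_textarea($current) . '</textarea>';
    submit_button('Save');
    echo '</form>';
}

function demo_ads_save_hardened() {
    // Dies with "The link you followed has expired." if the nonce is missing,
    // stale, or was issued for a different user or action; a cross-site form
    // cannot obtain a valid one because it is derived from the victim's session.
    check_admin_referer('demo_ads_save', 'demo_ads_nonce');
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', ['response' => 403]);
    }
    // wp_kses_post strips <script>, on* event handlers and javascript: URLs.
    // A plugin that genuinely must store raw script should gate that on the
    // unfiltered_html capability rather than persist $_POST verbatim.
    $code = wp_kses_post(wp_unslash($_POST['ads_code'] ?? ''));
    update_option('demo_ads_code', $code);
    wp_safe_redirect(admin_url('options-general.php?page=demo-ads'));
    exit;
}
add_action('admin_post_demo_ads_save', 'demo_ads_save_hardened');
```

The nonce alone stops the cross-site submission; the capability check and sanitization are what keep a lower-privileged but logged-in user, or a nonce obtained for an unrelated action, from reaching the same write.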
Plesk Cross-Site Request Forgery Vulnerability (CNVD-2022-91163)
Plesk is a hosting control panel from the Swiss company Plesk. Plesk 18.0.37 is vulnerable to cross-site request forgery because the software does not validate anti-CSRF tokens. An attacker could exploit this vulnerability to insert data in the user and...
CVE-2021-45007
Plesk 18.0.37 is affected by a Cross Site Request Forgery CSRF vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...