20 matches found
EUVD-2024-16604
Malicious code in bioql PyPI...
EUVD-2023-43614
Malicious code in bioql PyPI...
CVE-2022-30120
XSS in /dashboard/blocks/stacks/viewdetails/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot...
CVE-2024-52612
Summary of CVE-2024-52612 (SolarWinds Platform): A reflected cross-site scripting vulnerability exists due to insufficient sanitation of input parameters. Exploitation requires authentication by a high-privileged account (and user interaction is typically required per NVD metrics), with impact on...
CVE-2024-12444 WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdmenu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050
This module enables you to embed the content of an SVG file into the body html of a node and optionally allows to translate text contained within the image. The module doesn't sufficiently sanitize the SVG file before embedding it into the html. This vulnerability is mitigated by the fact that an...
GHSA-M2WW-6WV6-VW3C Cross site scripting in Concrete CMS
XSS in /dashboard/blocks/stacks/viewdetails/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot...
CVE-2022-30119
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...
Design/Logic Flaw
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...
SUSE-SU-2022:1717-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...
SUSE-SU-2022:1694-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency bsc1198247. - CVE-2021-44907: Fixed insuficient sanitation in npm dependency bsc1197283. - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in...
MGASA-2016-0430 Updated roundcubemail packages fix security vulnerability
Users can execute commands on the server by writing e-mails, due to insufficient sanitation of the from field when calling PHP's mail function CVE-2016-9920. Note that only roundcubemail installations that don't have an SMTP server configured for mail delivery are affected...
PHPKIT 1.6.x 'b-day.php' Addon SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38891/info PHPKIT 'b-day.php' addon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Cisco DPC2420 Cross Site Scripting / File Disclosure
Cisco DPC2420 router is prone to a file disclosure and to a XSS vulnerability because it fails to sufficiently sanitize user supplied data. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstar...
Hulihan Applications BXR 0.6.8 - SQL Injection / HTML Injection
source: https://www.securityfocus.com/bid/42247/info Hulihan Applications BXR is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application,...
PeaZIP < 2.6.2 RCE Vulnerability - Windows
PeaZIP is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PeaZIP Remote Code Execution Vulnerability (Windows)
This host is installed with PeaZIP and is prone to Remote Code Execution vulnerability. OpenVAS Vulnerability Test $Id: gbpeazipcodeexecvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ PeaZIP Remote Code Execution Vulnerability Windows Authors: Nikita MR Copyright: Copyright c 2009 Greenbone Networks...
XtremeASP PhotoGallery 2.0 - Adminlogin.asp SQL Injection
XtremeASP PhotoGallery 2.0 - Adminlogin.asp SQL Injection source: https://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied...
Mambo Site Server 4.0.10 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/7135/info Mambo Site Server has been reported prone to a cross-site scripting vulnerability. It has been reported that certain user supplied URI parameters are not sufficiently sanitized by the Mambo Site Server. As a result of this deficiency an attacker...