15 matches found
PT-2025-34547
Name of the Vulnerable Software and Affected Versions: StorageGRID versions prior to 11.8.0.15 StorageGRID versions prior to 11.9.0.8 Description: StorageGRID is susceptible to a privilege escalation issue. A successful exploit could allow an unauthorized, authenticated attacker to discover Grid...
CVE-2023-46504
Cross Site Scripting XSS vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component...
CVE-2023-46504
Cross Site Scripting XSS vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component...
CVE-2023-46504
Cross Site Scripting XSS vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component...
CVE-2023-46504
Cross Site Scripting XSS vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component...
PT-2023-30063 · Unknown · Pwncyn Yxbookcms
Name of the Vulnerable Software and Affected Versions: PwnCYN YXBOOKCMS version 1.0.2 Description: A Cross Site Scripting XSS issue allows an attacker to execute arbitrary code via the library name function in the general settings component. This can be exploited by a physically proximate attacke...
YXBOOKCMS Cross-Site Scripting Vulnerability
YXBOOKCMS is a content management system by PwnCYN Individual Developers. A cross-site scripting vulnerability exists in PwnCYN YXBOOKCMS version v.1.0.2, which originates from a vulnerability that could allow a remote attacker to execute arbitrary code via the library name function in the genera...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...
Directory Traversal
JavaServer Faces is vulnerable to directory traversals. A malicious user can access arbitrary files through a Uniform Resource Identifier or a through the library name...
Low: ruby19, ruby20, ruby21, ruby22
Issue Overview: DL::dlopen could open a library with tainted library name even if $SAFE 0. Affected Packages: ruby19, ruby20, ruby21, ruby22 Issue Correction: Run yum update ruby19 or yum update --advisory ALAS-2016-632 to update your system. Run yum update ruby20 or yum update --advisory...
Oracle JavaServer Faces Multiple Partial Directory Traversals
The remote web server contains a JavaServer Faces application that is affected by multiple partial directory traversal vulnerabilities : - A defect exists in the handling of a resource identifier that allows for directory traversal within the application. - A defect exists in the handling of a...
Windows Mobile 6.5 TR WinCE 5.2 MessageBox Shellcode ARM
Windows Mobile 6.5 TR WinCE 5.2 MessageBox Shellcode ARM. Shellcode exploit for windows platform / Device: HTC Touch2 System: Windows Mobile 6.5 TR WinCE 5.0.2 Addresses of functions can be different on different devices so , you can edit the functions addresses. Coded by Celil Ünüver from...
The Group_concaT function is the ultimate use-vulnerability warning-the black bar safety net
Articles have been published in hackers Handbook reprint please indicate the source of! Author: Xiaohua Opening FLYH4T Big Brother“Mysql5 injection skills summary,”a paper presented by the use of“informationschema”library to implement traversal guess the library name, table name and Field name of...
Replace the small bamboo of the NBSI2: the Opendatasource And Openrowset-vulnerability warning-the black bar safety net
Currently on the market of SQL Injection tools a lot, the most respected is the NBSI2. SQL Injection method on the Internet is everywhere, everyone serious to learn it will soon become the script of the invasion“master”it. But whether it is tools, or numerous methods, to guess the SQL data when t...
DataRescue Interactive Disassembler Pro (IDA Pro disassembler/debugger) buffer overflow and format string bug
Buffer overflow on oversized inported library name, format string bug in library name...