Mozilla Firefox Conditional Competition Vulnerability (CNVD-2025-18681)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a conditional contention vulnerability that originates when installing a plug-in and Firefox verifies the signature before prompting the user. A remote attacker can exploit...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a conditional contention vulnerability that originates when installing a plug-in and Firefox verifies the signature before prompting the user. A remote attacker can exploit...

Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

The plugin does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the Download is in a review state, contributor could ma...

CVE-2021-39210 Autologin cookie accessible by scripts

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the "remember me" feature is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...

GLPI 安全漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

phplist Remote Code Execution Vulnerability

phpList is an open source newsletter and email marketing software from phpList UK. A remote code execution vulnerability exists in phpList version 3.5.1, which stems from the product's failure to check for any file extensions stored in the plugin's zip file, and can be exploited by an attacker wh...

CVE-2020-22249

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the...

PhpList 代码问题漏洞

phpList is an open source newsletter and email marketing software from phpList UK. A remote code execution vulnerability exists in phpList version 3.5.1, which stems from the product's failure to check for any file extensions stored in the plugin's zip file, and can be exploited by an attacker wh...

Plugin archive directory traversal in Helm

The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3. Impact A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and...

CVE-2021-29246

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory...

Directory traversal

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory...

CVE-2021-29246

BTCPay Server vulnerability CVE-2021-29246: an authenticated attacker with administrator privileges can exploit a directory traversal flaw in BTCPay Server versions up to 1.0.7.0 by uploading a specially crafted malicious plugin file to escape the restricted directory, enabling code execution on ...

Nagios XI - Authenticated Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the serve...

Nagios XI Authenticated Remote Command Execution

This module exploits a vulnerability in Nagios XI before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported...

New Relic: Urgent! Stored XSS at plugin's violations leading to account takeover

Hey team, I have found a stored XSS which is fired at plugin's Violations page. This vulnerability can be used by malicious plugin maker to take over any account which installs this malicious plugin. Vulnerability details The Violations page contain the following script inside its source code: ht...

Cross-site Scripting (XSS)

Mozilla Firefox and Thunderbird is vulnerable to cross-site scripting XSS. The use of valueOf method to shadow the location object window.location is not prevented, allowing for remote attackers to inject arbitrary Javascript into a victim's web browser via a malicious plugin...

Huawei HiRouter-CD20 and WS5200 Path Traversal Vulnerability

Huawei HiRouter-CD20 and WS5200 are both home router products released by Huawei China. A path traversal vulnerability exists in the Huawei HiRouter-CD20 HiRouter-CD20-10 prior to version 1.9.6 and the WS5200 WS5200-10 prior to version 1.9.6, which stems from insufficient checksums when the progr...

WordPress Download Manager 2.9.60 Cross Site Request Forgery

Exploit Title: WordPress Download Manager CSRF Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: https://www.wpdownloadmanager.com/ Software Link: https://wordpress.org/plugins/download-manager Version: 2.9.60 Tested on:...

Memory corruption with malicious NPAPI plugin — Mozilla

The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface NPAPI that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content,...

Openfire <= 3.6.0a Admin Console Authentication Bypass

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...