EUVD-2005-2693

Malware in sbrugna...

CVE-2020-10227

A cross-site scripting XSS vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email...

CVE-2005-2692

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 addquery and 2 subquery parameters to the newbb plus module, the forum parameter to 3 newtopic.php, 4 edit.php, or 5 reply.php in the newbb plus module, or 6 the msg...

CVE-2024-9103

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security Blocked Messages module allows Stored XSS. This issue affects Email Security through 8.5.5...

CVE-2024-9103

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security Blocked Messages module allows Stored XSS. This issue affects Email Security through 8.5.5...

CVE-2024-9103

CVE-2024-9103 affects Forcepoint Email Security (Blocked Messages module) with improper neutralization of script in web page attributes, enabling Stored XSS and impacting Email Security up to version 8.5.5. The vulnerability is documented across multiple feeds (NVD, Red Hat, CVE List, VulnEnrichm...

Oracle Financial Services Applications 安全漏洞

Oracle Financial Services Applications is a suite of financial services software from Oracle USA. The product includes core banking, online banking, and estate management. A security vulnerability exists in the SMS Module component of Oracle Financial Services Applications versions 14.5, 14.6, an...

Multiple Reflected Cross-Site Scripting in Messages Module

Description The first occurrence affects messages.php file. The parameter stage was not properly encoded before being printed as HTML. This occurs when go parameter is set to setup value. The second instance affects save.php file. There was a POST parameter called parameter in JSON format that wa...

CVE-2020-10227

A cross-site scripting XSS vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email...

exV2 <= 2.0.4.3 - (sort) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' ------------------------------------------------------------------------------- exV2 = 2.0.4.3 sort SQL injection / administrative credentials disclosure exploit mail: [email protected] site:...

eFront Educational v3.6.11 - Multiple Web Vulnerabilities

Document Title: =============== eFront Educational v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=666 Release Date: ============= 2012-08-03 Vulnerability Laboratory ID VL-ID: ==================================== 6...

PT-2009-5147 · Xoops · Xoops

Name of the Vulnerable Software and Affected Versions: XOOPS version 2.3.3 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the op...

exV2 <= 2.0.4.3 (sort) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================== exV2 = 4.1 allowing subs and if 'messages' module is enabled / if $argc4 printr' ----------------------------------------------------------------------------- Usage: php '.$argv0.' host...

PT-2005-3706 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...