22 matches found
EUVD-2010-3599
Malware in sbrugna...
EUVD-2025-12357
Malicious code in bioql PyPI...
EUVD-2023-28379
Malicious code in bioql PyPI...
EUVD-2023-48368
Malicious code in bioql PyPI...
EUVD-2022-43442
Malicious code in bioql PyPI...
CVE-2023-44008
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function...
CVE-2023-44012
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component...
CVE-2023-44011
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component...
CVE-2023-24689
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...
CVE-2023-24322
A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...
CVE-2017-1000457
Cross-site scripting XSS vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or...
CVE-2025-28367
mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...
CVE-2025-28367
mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...
CVE-2025-28367
mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...
CVE-2025-28367
mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...
CVE-2025-28367
mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...
PT-2025-17446 · Unknown · Mojoportal
Name of the Vulnerable Software and Affected Versions: mojoPortal versions 2.9.0.1 and earlier Description: The issue allows an attacker to perform a Directory Traversal attack via the BetterImageGallery API Controller, specifically through the ImageHandler action. This can lead to unauthorized...
CVE-2025-28367
mojoPortal
CVE-2023-24322
A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...
CVE-2023-24689
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...