
340 matches found

GithubExploit
added 2022/07/16 10:55 a.m. | 3 views

Exploit for Cross-site Scripting in Phpgurukul Zoo_Management_System

CVE-2022-31897 Date: 06/22/2022 Exploit Author: Angelo Pi...

6.1 CVSS | 6.2 AI score | 0.01399 EPSS
Exploits: 3

OSSF Malicious Packages
added 2022/06/20 8:22 p.m. | 3 views

Malicious code in firestore-messagebird-send-msg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce66f4ad982ef4095727b82f1dabf12365216e3f0dc4b1cd8016bf310fa982c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1

Prion
added 2022/06/15 2:15 p.m. | 19 views

Race condition

In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

6.9 CVSS | 7 AI score | 0.00012 EPSS
Exploits: 0 | References: 1

vulnersOsv
added 2022/05/17 3:46 a.m. | 2 views

cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.message:cloud-altemistafwk-core-message-active-conf (>=3.0.0.RELEASE <=3.1.0.RELEASE) +706 more potentially affected by CVE-2012-6092 via org.apache.activemq:activemq-core (>=4.1.1 <=5.7.0)

org.apache.activemq:activemq-core MAVEN version =4.1.1, =3.0.0.RELEASE, =1.0, =1.0.0, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =3.0.0.rc1, =3.0.0.rc1, =3.0.0.rc1, =3.0.0.rc1, =3.2.1 and more Source cves: CVE-2012-6092 Source advisory: OSV:GHSA-RP9P-863F-9C4H...

4.3 CVSS | 6.9 AI score | 0.02575 EPSS
Exploits: 1

Huntr
added 2022/04/28 2:54 p.m. | 6 views

Cross-site scripting - Stored via upload ".msg" file

Description: When a user uploads a file with a .msg extension in the white-list and then accesses this file, the server does not respond with a Content-Type header, so this file can execute JavaScript code as Content-type: text/html. Proof of Concept: POST /microweber/plupload HTTP/1.1 Host: localhost User-Agent:...

7.5 AI score
Exploits: 0 | References: 1

OSV
added 2022/04/24 10:8 p.m. | 11 views

GSD-2022-1002079 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full

bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

7.2 AI score
Exploits: 0

Vulnrichment
added 2021/12/14 3:50 p.m. | 5 views

CVE-2021-39319 duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting

The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /duogeek/duogeek-panel.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8...

6.1 CVSS | 6 AI score | 0.0021 EPSS
Exploits: 0 | References: 2

CNNVD
added 2021/12/14 12:0 a.m. | 1 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. Simple Image Gallery is an open source WordPress plugin. The WordPress Simple Image Gallery plugin ha...

6.1 CVSS | 5.7 AI score | 0.0021 EPSS
Exploits: 0 | References: 3

CNNVD
added 2021/12/14 12:0 a.m. | 1 views

WordPress plugin cross-site scripting vulnerability

duoFAQ - Responsive, Flat, Simple FAQ plugin is a WordPress open source application plugin. duoFAQ - Responsive, Flat, Simple FAQ plugin for WordPress suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of data validation filtering of user-supplied data and...

6.1 CVSS | 5.5 AI score | 0.0021 EPSS
Exploits: 0 | References: 3

CNNVD
added 2021/11/08 12:0 a.m. | 4 views

VFront cross-site scripting vulnerability

VFront is a free open source front-end for MySQL or PostgreSQL databases written in PHP and JavaScript. VFront version 0.99.5 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the s parameter in...

6.1 CVSS | 5.3 AI score | 0.0024 EPSS
Exploits: 1 | References: 2

OSV
added 2021/11/05 1:15 p.m. | 3 views

CVE-2021-42663

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a...

4.3 CVSS | 5.9 AI score | 0.37983 EPSS
Exploits: 3 | References: 2

OSV
added 2021/11/02 11:15 p.m. | 0 views

UBUNTU-CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type...

9.8 CVSS | 6.7 AI score | 0.72624 EPSS
Exploits: 2 | References: 10

OpenVAS
added 2021/06/09 12:0 a.m. | 6 views

SUSE: Security Advisory (SUSE-SU-2018:1482-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 15

OSV
added 2021/06/04 7:50 p.m. | 11 views

UVI-2021-1000631 tipc: skb_linearize the head skb when reassembling msgs

tipc: skb_linearize the head skb when reassembling msgs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.124 by commit...

7.2 AI score
Exploits: 0

OSV
added 2021/05/31 11:45 p.m. | 10 views

UVI-2021-1000491 ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.7 by commit...

7.2 AI score
Exploits: 0

Cvelist
added 2021/04/29 4:21 p.m. | 10 views

CVE-2020-35430

SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem...

9.9 AI score | 0.00245 EPSS
Exploits: 1 | References: 1

OSV
added 2021/03/03 10:15 p.m. | 20 views

CVE-2021-27940

resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter...

6.1 CVSS | 5.8 AI score
Exploits: 0 | References: 3

Prion
added 2021/03/03 10:15 p.m. | 11 views

Cross site scripting

resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter...

4.3 CVSS | 5.9 AI score | 0.00419 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2021/02/22 7:15 a.m. | 11 views

CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

7.8 CVSS | 0.00039 EPSS
Exploits: 0 | References: 1

Prion
added 2021/02/22 7:15 a.m. | 15 views

Memory corruption

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

7.2 CVSS | 7.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 1