8 matches found
CVE-2026-50745
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...
PT-2026-48555
Simple Link Directory through 9.0.4 interpolates the sld no results found option into a JavaScript string literal without encoding. Because sanitize text field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...
CVE-2026-38579
Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...
PT-2024-26126 · Oceanic · Oceanic
Name of the Vulnerable Software and Affected Versions: Oceanic versions prior to 1.10.4 Description: The issue arises from the lack of url-encoding for input to certain functions, such as Client.rest.channels.removeBan. This allows specially crafted input, like ../../../channels/id, to be...
SUSE CVE-2007-5386
Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...
Partial password leak over DNS on HTTP redirect
libcurl can be tricked to prepend a part of the password to the hostname before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username and password for HTTP authentication when requesting an HTTP resource - used for HTTP...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)
Linux/x86 - execve/bin/sh + NOT Encoded Shellcode 27 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Execve /bin/sh Shellcode encoded with NOT ; Date : May, 2018 ; Author : Nuno Freitas ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 27 bytes ; Tested on : i686 GNU/Linux section...