3 matches found
CVE-2014-9706
The buildindexfromtree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 lat, 2 lng, and 3 zom parameters, which are not properly handled when processed with templates/map.tpl...
Directory traversal
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or 2 the action...