40 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-6875

Malware in sbrugna...

6.8 CVSS, 6.4 AI score, 0.00977 EPSS
Exploits: 0, References: 4

Github Security Blog
added 2025/01/03 4:5 p.m., 11 views

PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file

Unauthorized Reflected XSS in Convert-Online.php file Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 8.2 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVSS vector v.4.0: 8.3...

8.3 CVSS, 5.7 AI score, 0.01392 EPSS
Exploits: 1, References: 7, Affected Software: 2

Cvelist
added 2025/01/03 4:5 p.m., 12 views

CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

8.3 CVSS, 0.01392 EPSS
Exploits: 1, References: 5

CVE
added 2025/01/03 4:5 p.m., 55 views

CVE-2024-56408

PhpSpreadsheet (PHP) has a cross-site scripting (XSS) vulnerability in the Convert-Online.php sample due to missing input sanitization. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7; these versions lack sanitization in /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-...

8.3 CVSS, 6.1 AI score, 0.01392 EPSS
Exploits: 1, References: 5, Affected Software: 1

Vulnrichment
added 2025/01/03 4:5 p.m., 7 views

CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

8.3 CVSS, 6.1 AI score, 0.01392 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2024/12/23 12:0 a.m., 2 views

PT-2024-10179 · Phpoffice · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 Description: The issue is related to the lack of sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which can lead to a cross-site...

8.3 CVSS, 5.9 AI score, 0.01392 EPSS
Exploits: 1, References: 18

Cvelist
added 2024/05/25 3:31 p.m., 15 views

CVE-2024-5338 Ruijie RG-UAC online.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The explo...

5.8 CVSS, 5.3 AI score, 0.00454 EPSS
Exploits: 0, References: 4

Cvelist
added 2019/02/11 9:0 p.m., 10 views

CVE-2019-7748

includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if users/admin/tasks.php exists...

6 AI score, 0.0024 EPSS
Exploits: 1, References: 1

CVE
added 2019/02/11 9:0 p.m., 30 views

CVE-2019-7748

CVE-2019-7748 affects DbNinja 3.2.7 where the file _includes\online.php can be abused to trigger cross-site scripting through the data.php task parameter when _users/admin/tasks.php exists. This is a reflected/XSS-style issue tied to the handling of the data parameter, as described in the NVD ent...

6.1 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits: 1, References: 1, Affected Software: 1

Openbugbounty
added 2017/06/06 2:43 p.m., 14 views

topsiderhomes.com XSS vulnerability

Vulnerable URL: http://www.topsiderhomes.com/house-plans-online.php?collection=%3Csvg/onload=alert/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1306257 VIP...

6.3 AI score
Exploits: 0

0day.today
added 2017/05/20 12:0 a.m., 29 views

PlaySMS 1.4 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: PlaySMS 1.4 Remote Code Execution to Poisoning admin log Date: 19-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

0.3 AI score
Exploits: 0

exploitpack
added 2017/05/19 12:0 a.m., 30 views

PlaySMS 1.4 - Remote Code Execution

PlaySMS 1.4 - Remote Code Execution Exploit Title: PlaySMS 1.4 Remote Code Execution to Poisoning admin log Date: 19-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website: http://touhidshaikh.com/...

0.2 AI score
Exploits: 0

Openbugbounty
added 2017/05/17 1:33 p.m., 10 views

planmeclinic.com XSS vulnerability

Open Bug Bounty ID: OBB-238345 Description| Value ---|--- Affected Website:| planmeclinic.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Arab Portal System 2.0 online.php title Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17285/info ArabPortal System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability

No description provided by source. insecurity research team advisory, 1o.o8.2oo6. Affected Application: VWar = v1.50 R14. contact :...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 25 views

AuraCMS <= 2.2.1 (online.php) Remote Blind SQL Injection Exploit

No description provided by source. #!/usr/bin/perl -w Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x online.php - Remote Blind SQL Injection Exploit Time : Feb 15 2008 01:00PM Software : AuraCMS Version : 2.0 2.1 2.2.1 Vendor : http://www.auracms.org/...

7.1 AI score
Exploits: 0

seebug.org
added 2014/05/25 12:0 a.m., 67 views

Srun3000 billing system: multiple unrestricted arbitrary command execution issues (getshell)

Brief description: Srun3000 billing system, unrestricted arbitrary command execution (getshell). Details: Files: /enus/radonline.php srun3/web/online.php lines 4-76, srun3/web/radonline.php lines 4-76 if$POST"action"=="dm" $cmd = "/srun3/bin/raddrop -sdm ".$POST"sid"; if$fp=popen$cmd, "r" $con = fread$fp, 128; pclose$fp; $con = strreplace "\n", " ", $con; echo $con; exit;...

7.1 AI score
Exploits: 0

CVE
added 2008/03/20 10:0 a.m., 34 views

CVE-2008-1398

CVE-2008-1398 describes an SQL injection in AuraCMS 2.0–2.2.1 via the X-Forwarded-For HTTP header (HTTP_X_FORWARDED_FOR environment variable) that allows remote execution of arbitrary SQL commands. Affected component is online.php; root cause is improper handling/validation of the header value in...

6.8 CVSS, 8.4 AI score, 0.00462 EPSS
Exploits: 1, References: 3, Affected Software: 1

exploitpack
added 2008/03/14 12:0 a.m., 30 views

AuraCMS 2.2.1 - X-Forwarded-For HTTP Header Blind SQL Injection

AuraCMS 2.2.1 - X-Forwarded-For HTTP Header Blind SQL Injection #!/usr/bin/perl -w Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x online.php - Remote Blind SQL Injection Exploit Time : Feb 15 2008 01:00PM Software : AuraCMS Version : 2.0 2.1 2.2.1 Vendor :...

0.2 AI score
Exploits: 0