55 matches found
EUVD-2022-49664
Malicious code in bioql PyPI...
GHSA-Q5PP-5Q2H-G8RV Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and...
GHSA-WJ6R-53F5-Q789 Duplicate Advisory: AVideo contains Command injection when embedding a video link
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgvh-p3g4-86jw. This link is maintained to preserve external references. Original Description Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the My Vide...
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 text Reworked and optimized exploit scrip...
IPS Community Suite 4.5.4.2 PHP Code Injection
------------------------------------------------------------------------------ IPS Community Suite = 4.5.4.2 previewBlock PHP Code Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: https://invisioncommunity.com - Affected...
IPS Community Suite 4.1.12.3 PHP Code Injection
--------------------------------------------------------------------------- IPS Community Suite contentclass ; 39. 40. if ! classexists $class or ! inarray 'IPS\Content', classparents $class 41. 42. \IPS\Output::i-error 'nodeerror', '2S226/2', 404, '' ; 43. User input passed through the...
ATutor 2.2 Cross Site Scripting
-------------------------------------------------------------------------- ATutor printHelps$h; User input passed through the "h" GET parameter is not properly sanitized before being passed to the "Message::printHelps" method at line 30. This can be exploited to carry out reflected Cross-Site...
Tuleap 7.6-4 PHP Object Injection
----------------------------------------------------------------- Tuleap route$request; 35. exit; 36. 37. 38. $currentstep = $request-exist'currentstep' ? $request-get'currentstep' : 0; 39. $data = $request-exist'data' ? unserialize$request-get'data' : array; User input passed through the "data"...
TSEP <= 0.942 (copyright.php) Remote Inclusion Vulnerability
No description provided by source. +-------------------------------------------------------------------- + + TSEP 0.9.4.2 + +-------------------------------------------------------------------- + + Affected Software .: TSEP 0.9.4.2 + Vendor ...........: http://www.tsep.info/ + Class ...............
vtiger CRM <= 5.4.0 (SOAP Services) - Multiple Vulnerabilities
No description provided by source. --------------------------------------------------------------------------------- vtiger CRM <= 5.4.0 customerportal.php Two Local File Inclusion Vulnerabilities --------------------------------------------------------------------------------- - Software Link:...
AdaptCMS_Lite_1.5 2009-07-07
No description provided by source. =========================================================================== Topic : AdaptCMSLite1.5 2009-07-07 Bug type : change admin user,passwd & add new admin user exploit Download :...
DataLife Engine 9.7 - preview.php PHP Code Injection
DataLife Engine 9.7 - preview.php PHP Code Injection ------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ - Affect...
CubeCart 5.0.7 Insecure Backup Handling
OVERVIEW CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup File Handling which leads to the disclosure of the application configuration file. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that...
CubeCart 3.0.20 Shell Upload
OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful...
PHP CGI Argument Injection Remote Exploit (PHP Version)
Exploit for php platform in category web applications PHP CGI Argument Injection Remote Exploit PHP CG...
OSClass 2.3.5 Directory Traversal
Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...
Related POC for JCE Joomla Extension <=2
After release of vendor supplied patch for JCE's vulnerabilities, AmnPardaz is going to submit related POC for this issue in Perl and PHP after one month for educational purposes. PHP Version: ?php www.bugreport.ir AmnPardaz Security Research & Penetration Testing Group Title: Exploit for JCE...
Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities
Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro =1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm Fix:...
Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35
No description provided by source. !/usr/bin/php ?php / Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35 newest as of release Vendor's Website: http://phpnuke.org/ Security Researcher: Michael Brooks https://sitewat.ch Original Advisory:...
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution !/usr/bin/php ?php / Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35 newest as of release Vendor's Website: http://phpnuke.org/ Security Researcher: Michael Brooks https://sitewat.ch Original Advisory:...