19 matches found
CVE-2024-12990 ruifang-tech Rebuild Admin Verification Page admin-verify redirect
A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input http://localhost/evil.html leads to open...
CVE-2023-42051
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...
SUSE CVE-2019-17221
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...
GHSA-X43G-GJ9X-838X PhantomJS Arbitrary File Read
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...
PhantomJS Arbitrary File Read Vulnerability
PhantomJS is a headless browser for automating web interactions. A security vulnerability exists in the 'page.open' function of the web module in PhantomJS 2.1.1 and earlier versions. The vulnerability can be exploited by an attacker to read arbitrary files on the file system with the help of...
Unauthorized File Access
Overview PhantomJS is a headless WebKit scriptable with a JavaScript API. It has fast and native support for various web standards: DOM handling, CSS selector, JSON, Canvas, and SVG. Affected versions of this package are vulnerable to Unauthorized File Access. PhantomJS through 2.1.1 has an...
UBUNTU-CVE-2019-17221
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...
CVE-2018-14243
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
chu-brugmann.be XSS vulnerability
Open Bug Bounty ID: OBB-527695. Affected Website: chu-brugmann.be; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
worldphoto.org XSS vulnerability
Vulnerable URL: https://www.worldphoto.org/search/node/%22%3Eblub%3Csvg/onload%3Dalert/OPENBUGBOUNTY/%3E%22%3Eblub%3Csvg/onload%3Dalert/OPENBUGBOUNTY/%3E Details: Patched: Yes, at; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 78353; VIP...
bjornborg.mediaboxsystem.se XSS vulnerability
Open Bug Bounty ID: OBB-303368. Affected Website: bjornborg.mediaboxsystem.se; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
thenorthernecho.co.uk XSS vulnerability
Vulnerable URL: http://www.thenorthernecho.co.uk/search/%22%3E%3Csvg%20onload=alert%22OPENBUGBOUNTY%22%3E/ Details: Patched: No; Latest check for patch: 28.11.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 93273; VIP website status:...
modelingcreator.com XSS vulnerability
Vulnerable URL: http://www.modelingcreator.com/fr/offre-d-emploi.php/%22%27--!%3E%3Cscript%3Ealert'OPENBUGBOUNTY'%3C/script%3E Details: Patched: No; Latest check for patch: 12.08.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknow...
budschryslerdodgejeep.com XSS vulnerability
Vulnerable URL: http://www.budschryslerdodgejeep.com/contact.htm?=I+would+like+a+quote+on+a+new+Chrysler+300.+Please+contact+me+with+a+list+of+vehicles+you+have+in+stock.+Thank+you.%09%09%09%09%09%09%09%09%09%09"'--! Details: Patched: Yes, at; Vulnerability type: XSS...
sbap.be XSS vulnerability
Vulnerable URL: http://www.sbap.be/search/Search.asp Details: Patched: No; Latest check for patch: 31.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 3142351; VIP website status: No; Check sbap.be SSL connection: Grade: F...
edu.1125.ir XSS vulnerability
Vulnerable URL: http://edu.1125.ir/login.php?redirect=" Details: Patched: Yes, at; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website status: No; Check edu.1125.ir SSL connection: Grade: B-; Coordinated...
dptbaseball.com XSS vulnerability
Vulnerable URL: http://dptbaseball.com/teams/default.asp?u=DPTBASEBALL=c=baseball=custom=1%22--%3E%3C/script%3E%3Csvg/onload=%27;alert%28/OPENBUGBOUNTY/%29;%27%3E Details: Patched: No; Latest check for patch: 26.07.2017; Vulnerability type: XSS; Vulnerability status:...
PHPfileNavigator 2.3.3 Privilege Escalation
Credits: John Page aka hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812b.txt Vendor: pfn.sourceforge.net; Product: PHPfileNavigator v2.3.3 pfn...
CVE-2007-6464
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the grootdir parameter to (1) adminpageopen.php and (2) clientpageopen.php in global/templates/...