8 matches found
Missing Authorization
Django is vulnerable to Missing Authorization. The vulnerability is due to missing validation of add permissions for inline model instances in GenericInlineModelAdmin, which allows an attacker to submit forged POST data and create unauthorized objects...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2021-24432
The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'termid' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue...
Arbitrary Command Execution Vulnerability in the Call Center of Shenzhen Jishi Communication Co.
The call center of Shenzhen Jishu Communication Co., Ltd. is a new generation of enterprise-level call center system. An arbitrary command execution vulnerability exists in the call center of Shenzhen JTS Communications Co. By constructing the $POST parameter without any filtering measures, it...
DEBIAN-CVE-2016-2145
The amreadpostdata function in modauthmellon before 0.11.1 does not check if the apgetclientblock function returns an error, which allows remote attackers to cause a denial of service segmentation fault and process crash via a crafted POST data...
CKEditor 4.0.1 多个安全漏洞
CKEditor是一款在线文字编辑器 CKEditor存在多个安全漏洞,允许攻击者利用漏洞进行跨站请求伪造,跨站脚本攻击及获取路径信息 0 CKEditor 4.0.1 厂商解决方案 目前没有详细解决方案提供: http://ckeditor.com/ =========================================== Vulnerable Software: ckeditor 4.0.1 standard Download:...
Spoofing and script injection through location.hash — Mozilla
Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this...
Buffer overflow
Multiple buffer overflows in the 1 vGetPost and 2 main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact...