25 matches found
tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape
Summary: The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences (e.g., ../) or path separators in these parameters, attackers can cause file...
SQL Injection
Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to SQL Injection via the PdoAdapter::doClear method. An attacker can influence the SQL query to expand deletion scope or perform arbitrary actions by...
SQL Injection
Overview: symfony/cache is a cache component that provides an extended PSR-6 implementation for adding cache to your applications. Affected versions of this package are vulnerable to SQL Injection via the PdoAdapter::doClear method. An attacker can influence the SQL query to expand deletion scope or perform...
EUVD-2021-11845
Malware in sbrugna...
EUVD-2018-4580
Malware in sbrugna...
CVE-2024-12615
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2021-24933
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...
Trendnet IP-110wn prefix parameter cross-site scripting vulnerability
Trendnet IP-110wn is a wireless network camera from Trendnet. A cross-site scripting vulnerability exists in the Trendnet IP-110wn camera fwtv-ip110wnv2 1.2.2.68 version, which stems from a lack of checksum filtering of user-supplied and output data in the prefix parameter in /admin/general.cgi. ...
CVE-2022-31873
Trendnet IP-110wn camera fwtv-ip110wnv21.2.2.68 has an XSS vulnerability via the prefix parameter in /admin/general.cgi...
Cross site scripting
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...
CVE-2020-19142
iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DBPREFIX parameter to install/install.php...
Magento Mass Importer < 0.7.23 Cross-Site Scripting
Magento Mass Importer (Magmi) is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.23 suffer from a cross-site scripting vulnerability through the prefix parameter of the /magmi/web/ajaxgettime.php URL, allowin...
VulnCheck KEV: CVE-2017-7391
A Cross-Site Scripting (XSS) vulnerability was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...
CVE-2012-3354
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message...
UBUNTU-CVE-2012-3354
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message...
DEBIAN-CVE-2012-3354
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message...
Design/Logic Flaw
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message...