25 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of user-controlled share metadata fields in the public/index.html template. An attacker can execute arbitrary JavaScript in the context of the application by injecting malicious payloads into...
EUVD-2018-20619
Malware in sbrugna...
EUVD-2018-20621
Malware in sbrugna...
EUVD-2018-20514
Malware in sbrugna...
EUVD-2018-20622
Malware in sbrugna...
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely
...
Contao discloses sensitive information in the front end search index
Impact Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. Patches Update to Contao 4.13.56, 5.3.38 or 5.6.1. Workarounds Disable the front end search. For more information If you have any questions or comments about this...
Techkshetra Info Savsoft Quiz 跨站脚本漏洞
Techkshetra Info Savsoft Quiz is a best-of-breed web application for online quiz or exam systems from Techkshetra Info India. A cross-site scripting vulnerability exists in Techkshetra Info Savsoft Quiz version 6.0, which stems from the parameter categoryname in the file...
SUSE CVE-2018-20225
An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...
GHSA-VCM7-88JX-3R39 ThinkPHP SQL Injection vulnerability
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...
CVE-2021-3840
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...
CVE-2020-18646
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php"...
CVE-2020-18646
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php"...
NoneCMS 跨站请求伪造漏洞
NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites, personal blogs, and support mobile. A cross-site request forgery vulnerability exists in public/index.php/admin/nav/add.html in NoneCMS version 1.3. An attacker can use this...
EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2021-1745)
According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...
EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-1728)
According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...
CVE-2018-20225
A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exi...
DEBIAN-CVE-2018-20225
An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...
CVE-2018-20225
An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...
PT-2020-8665 · Pip +1 · Pip +1
Name of the Vulnerable Software and Affected Versions: pip all versions Description: An issue was discovered in pip because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the...