Lucene search
+L

145 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42746

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Insufficient sanitization of team member data returned via API endpoints allows users without elevated permissions to obtain...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2025/08/26 4:19 p.m.9 views

jsPDF Denial of Service (DoS)

Impact User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...

8.7CVSS6.4AI score0.00658EPSS
Exploits1References6Affected Software1
Hacker One
Hacker One
added 2018/10/04 2:39 p.m.23 views

U.S. Dept Of Defense: SQL Injection in ████

Summary: There is an SQL injection vulnerability in the SSN field at https://██████████/████/candidateapp/statusscholarship.aspx Impact An attacker could use this vulnerability to control the content in the database, exfiltrate information, and potentially obtain remote code execution. Step-by-st...

0.3AI score
Exploits0
0day.today
0day.today
added 2017/10/18 12:0 a.m.27 views

WordPress Influencer Marketing And Press Release System 2.2 XSS Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Influencer Marketing & Press Release System plugin 2.2 Influencer Marketing & Press Release System plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplie...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/11/08 12:0 a.m.39 views

Simple PHP Blog 0.4.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications + Credits: Boumediene KADDOUR AKA sh311c0d3r + Website: http://www.pentestingskills.com Vendor: ====================== http://www.simpleblogphp.com Product: =============================== Simple PHP Blog 0.4.0 Vulnerability Type:...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/07/11 11:57 a.m.34 views

OLX: Cross Site Scripting -> Reflected XSS

Steps:- 1. Go to http://www.olx.ba/pretraga?trazilica="PAYLOAD" 2.Payload :- "onmousemove=alert"XSSBYJASHWANTH" " 3. You will get Pop up 4. If the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2015/03/05 12:0 a.m.256 views

Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting

Exploit Title : Ultimate PHP Board UPB 2.2.7 Cross Site Scripting Vulnerability CVE : CVE-2015-2217 Date : 4 March 2015 Exploit Author : CWH Underground Discovered By : ZeQ3uL Site : www.2600.in.th Vendor Homepage : http://www.myupb.com Software Link :...

4.3CVSS0.3AI score0.01892EPSS
Exploits3
Zero Day Initiative
Zero Day Initiative
added 2014/11/03 12:0 a.m.37 views

(0Day) Denon AVR-3313CI 'Friendlyname' Persistent Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to insert persistent JavaScript on vulnerable installations of the Denon AVR-3313CI audio/video receiver's web portal. Authentication is not required to persist the attack. However, user interaction is required to exploit this vulnerability in that the...

6.4CVSS6.2AI score0.00981EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Lussumo Vanilla <= 1.1.10 'definitions.php' Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/38889/info Vanilla is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Magic Photo Storage Website admin/list_members.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Magic Photo Storage Website user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

PHP Content Architect 0.9 pre 1.2 MFA_Theme.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23843/info PHP Content Architect is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Istant-Replay - 'read.php' Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28797/info Istant-Replay is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue can allow an attacker to compromise the application and the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Joomla! CB Resume Builder 'group_id' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36598/info The CB Resume Builder 'comcbresumebuilder' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiti...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

PHPTreeView 1.0 TreeViewClass.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20764/info PHPTreeview is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Quick Cart <= 3.1 - 'admin.php' Cross Site Scripting Vulnerability

exp: http://www.example.com/admin.php?"alertdocument.cookie" Quick.Cart admin.php 中没有对用户提交的数据进行过滤,从而导致xss 该漏洞仅在IE浏览器上会触发。。。 source: http://www.securityfocus.com/bid/31216/info Quick.Cart is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

W2B Online Banking - 'ilang' Parameter Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28796/info W2B Online Banking is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue can allow an attacker to compromise the application and the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Meet#Web 0.8 RegRightsResource.class.php root_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/30673/info MeetWeb is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

PHPLive! 3.2.2 'request.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35718/info PHPLive! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

HAMweather 3.9.8 Template.PHP Script Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20311/info HAMweather is prone to a script-code-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the...

7.1AI score
Exploits0
Rows per page
Query Builder