145 matches found

Positive Technologies
added 2026/05/22 12:0 a.m. | 10 views

PT-2026-42746

Name of the Vulnerable Software and Affected Versions: Mattermost version 11.6.0, Mattermost version 11.5.3, Mattermost version 11.4.4, Mattermost version 10.11.14. Description: Insufficient sanitization of team member data returned via API endpoints allows users without elevated permissions to obtain...

4.3 CVSS | 5.8 AI score | 0.00184 EPSS
Exploits 0 | References 6

Github Security Blog
added 2025/08/26 4:19 p.m. | 7 views

jsPDF Denial of Service (DoS)

Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...

8.7 CVSS | 6.4 AI score | 0.00658 EPSS
Exploits 1 | References 6 | Affected Software 1

Hacker One
added 2018/10/04 2:39 p.m. | 21 views

U.S. Dept Of Defense: SQL Injection in ████

Summary: There is an SQL injection vulnerability in the SSN field at https://██████████/████/candidateapp/statusscholarship.aspx Impact: An attacker could use this vulnerability to control the content in the database, exfiltrate information, and potentially obtain remote code execution. Step-by-st...

0.3 AI score
Exploits 0

0day.today
added 2017/10/18 12:0 a.m. | 25 views

WordPress Influencer Marketing And Press Release System 2.2 XSS Vulnerability

Exploit for php platform in category web applications. Credit: Ricardo Sanchez. Vulnerable: Influencer Marketing & Press Release System plugin 2.2. Influencer Marketing & Press Release System plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplie...

7.1 AI score
Exploits 0

0day.today
added 2016/11/08 12:0 a.m. | 38 views

Simple PHP Blog 0.4.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. Credits: Boumediene KADDOUR AKA sh311c0d3r. Website: http://www.pentestingskills.com Vendor: http://www.simpleblogphp.com Product: Simple PHP Blog 0.4.0 Vulnerability Type:...

7.1 AI score
Exploits 0

Hacker One
added 2016/07/11 11:57 a.m. | 32 views

OLX: Cross Site Scripting -> Reflected XSS

Steps:- 1. Go to http://www.olx.ba/pretraga?trazilica="PAYLOAD" 2.Payload :- "onmousemove=alert"XSSBYJASHWANTH" " 3. You will get Pop up 4. If the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained...

0.3 AI score
Exploits 0

Packet Storm
added 2015/03/05 12:0 a.m. | 254 views

Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting

Exploit Title : Ultimate PHP Board UPB 2.2.7 Cross Site Scripting Vulnerability CVE : CVE-2015-2217 Date : 4 March 2015 Exploit Author : CWH Underground Discovered By : ZeQ3uL Site : www.2600.in.th Vendor Homepage : http://www.myupb.com Software Link :...

4.3 CVSS | 0.3 AI score | 0.01892 EPSS
Exploits 3

Zero Day Initiative
added 2014/11/03 12:0 a.m. | 35 views

(0Day) Denon AVR-3313CI 'Friendlyname' Persistent Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to insert persistent JavaScript on vulnerable installations of the Denon AVR-3313CI audio/video receiver's web portal. Authentication is not required to persist the attack. However, user interaction is required to exploit this vulnerability in that the...

6.4 CVSS | 6.2 AI score | 0.00981 EPSS
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Active PHP Bookmarks 1.0 APB.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23670/info Active PHP Bookmarks is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and t...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Magic Photo Storage Website user/user_extend.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Meet#Web 0.8 RegRightsResource.class.php root_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/30673/info MeetWeb is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 117 views

WebPhotoPro Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/32829/info WebPhotoPro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

MySQLDumper 1.21 SQL.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20460/info MySQLDumper is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to execute attacker-supplied script code ...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Magic Photo Storage Website admin/list_members.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

AIOCP 1.4 'cp_html2txt.php' Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35811/info AIOCP All In One Control Panel is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Lussumo Vanilla <= 1.1.10 'definitions.php' Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/38889/info Vanilla is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

LetoDMS 1.4.x 'lang' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37828/info LetoDMS formerly known as MyDMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Juniper Junos 8.5/9.0 J-Web Interface /configuration Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web Juniper Web Management. Attacker-supplie...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Web Wiz Forums 7.01 Members.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20054/info Web Wiz Forums is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Softbiz Image Gallery config.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30546/info Softbiz Photo Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script co...

7.1 AI score
Exploits 0