
234 matches found

EUVD
• added 2025/10/07 12:30 a.m. • 4 views

EUVD-2013-1451

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00309
Exploits 0 · References 5

Cvelist
• added 2024/08/23 12:0 a.m. • 15 views

CVE-2024-37392

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...

EPSS 0.00166
Exploits 0 · References 1

Huntr
• added 2023/09/13 9:58 p.m. • 16 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

AI score 6.8 · EPSS 0.00067
Exploits 1

WPVulnDB
• added 2023/08/08 12:0 a.m. • 20 views

WPBulky < 1.0.10 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize user input via its sanitize function, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.5 · AI score 5.7 · EPSS 0.00106
Exploits 0 · Affected Software 1

Github Security Blog
• added 2023/05/01 3:30 p.m. • 23 views

Apache StreamPark LDAP Injection vulnerability

Apache StreamPark versions 1.0.0 to 2.0.0 have an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements...

CVSS 5.4 · AI score 6.8 · EPSS 0.01379
Exploits 0 · References 3 · Affected Software 1

Cvelist
• added 2023/05/01 2:50 p.m. • 24 views

CVE-2022-45801 Apache StreamPark (incubating): LDAP Injection Vulnerability

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through...

AI score 6.4 · EPSS 0.01379
Exploits 0 · References 1

Positive Technologies
• added 2023/04/05 12:0 a.m. • 2 views

PT-2023-17307 · Unknown · Thorsten/Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue is related to stored Cross-site Scripting (XSS) due to the failure to sanitize user input in the updatecategory parameter. This allows for the storage of malicious scripts that c...

CVSS 5.4 · AI score 4.6 · EPSS 0.00261
Exploits 1 · References 9

Hacker One
• added 2022/12/20 12:3 a.m. • 33 views

U.S. Department of State: xss and html injection on (https://labs.history.state.gov)

Possible XSS and HTML injection vulnerabilities were found on the website https://labs.history.state.gov through the "id" parameter, as user input was not sanitized and the website was using a vulnerable version of the jQuery library. Attackers could have exploited these vulnerabilities to execut...

AI score 6.8
Exploits 0

Cvelist
• added 2022/03/01 12:0 a.m. • 14 views

CVE-2022-24720 Improper Input Validation in image_processing

image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

CVSS 9.8 · AI score 9.7 · EPSS 0.00875
Exploits 1 · References 3

Vulnrichment
• added 2022/03/01 12:0 a.m. • 5 views

CVE-2022-24720 Improper Input Validation in image_processing

image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

CVSS 9.8 · AI score 9.5 · EPSS 0.00875
Exploits 1 · References 3

Huntr
• added 2021/07/02 2:5 p.m. • 14 views

Cross-site Scripting (XSS) - Stored in devcode-it/openstamanager

✍️ Description Stored xss through file upload via anagrafiche 🕵️‍♂️ Proof of Concept Go to an existing Anagrafiche or create a new one. Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example. when you click on...

AI score 7
Exploits 0

Hacker One
• added 2020/11/11 2:32 p.m. • 10 views

Rocket.Chat: CSS Injection in Message Avatar

The custom message avatars in the Meteor.method "sendMessage" can contain inline CSS that influences the resulting HTML element rendering. Escaping the input with "none;" allows further CSS to be applied to the elements inline styles, without requiring certain characters such as whitespace...

AI score 6.8
Exploits 0

Prion
• added 2018/10/17 2:29 a.m. • 17 views

Code injection

LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process...

CVSS 6.8 · AI score 7.9 · EPSS 0.00286
Exploits 0 · References 3 · Affected Software 1

Veracode
• added 2018/06/28 1:1 p.m. • 24 views

Cross-site Scripting (XSS)

Microsoft.AspNet.SignalR is vulnerable to cross-site scripting (XSS) attack. The application does not properly sanitize user-supplied input before displaying it. This can allow a malicious user to inject and execute arbitrary code in the target user's browser which can lead to access to...

CVSS 4.3 · AI score 6 · EPSS 0.10414
Exploits 0 · References 3 · Affected Software 2

Packet Storm
• added 2018/05/16 12:0 a.m. • 53 views

Signal Desktop HTML Tag Injection Variant 2

Title: Signal-desktop HTML tag injection variant 2 Date Published: 2018-05-16 Last Update: 2018-05-16 CVE Name: CVE-2018-11101 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone desktop...

AI score 0.4 · EPSS 0.00428
Exploits 3

Tenable Nessus
• added 2017/06/30 12:0 a.m. • 80 views

Symantec Messaging Gateway 10.x < 10.6.3-266 Multiple Vulnerabilities (SYM17-004)

According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.3-266. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists when handling email attachments involving malformed o...

CVSS 10 · AI score 8.2 · EPSS 0.79143
Exploits 5 · References 4

Zero Day Initiative
• added 2015/04/22 12:0 a.m. • 26 views

Novell Zenworks schedule.ScheduleQuery SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScheduleQuery method of the schedule class. The issue lies in the failure to...

CVSS 6.8 · AI score 9.6 · EPSS 0.03537
Exploits 0 · References 1

Zero Day Initiative
• added 2014/10/01 12:0 a.m. • 26 views

Sophos Cyberoam ccc_flush_sql_file Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. Authentication is required to exploit this vulnerability. The specific flaw exists within the ccc_flush_sql_file opcode. The issue lies in the failure to properly sanitize user-suppli...

CVSS 9 · AI score 7 · EPSS 0.01048
Exploits 0 · References 1

seebug.org
• added 2014/07/01 12:0 a.m. • 13 views

iSupport 1.8 ticket_function.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/37380/info iDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

AI score 7.1
Exploits 0

seebug.org
• added 2014/07/01 12:0 a.m. • 27 views

common solutions csphonebook 1.02 'index.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30485/info The 'csphonebook' program from common solutions is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...

AI score 7.1
Exploits 0