16 matches found
DRUPAL-CONTRIB-2026-035
The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script element. A user who can add HTML to a page could cause the generated language-switcher links to poi...
CVE-2026-43529
OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...
CVE-2026-43529 OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator
OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...
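The race described above is the generic check-then-use pattern: a validator resolves a path name, decides the file is inside the workspace, and the executor later resolves the same name again, by which time the attacker has replaced it. The following Python is an added illustration, not OpenClaw's code (the function and variable names, the workspace layout and the sample scripts are all constructed for the example). It shows a path-based validator that loses the race against a simulated swap, next to a version that opens the file once, validates the open descriptor, and hands the validated bytes to the executor so there is no second name lookup to win.

```python
import os
import stat
import tempfile


def contained(real_path: str, workspace: str) -> bool:
    """True if an already-resolved path lies inside the resolved workspace root."""
    root = os.path.realpath(workspace)
    return real_path == root or real_path.startswith(root + os.sep)


def preflight_vulnerable(path, workspace, after_check=None):
    """Check-then-use on a path *name* (hypothetical 'before' pattern).
    The boundary check and the later read each resolve the name independently,
    so anything swapped in between is what gets read."""
    if not contained(os.path.realpath(path), workspace):
        raise PermissionError(f"{path} is outside the workspace")
    if after_check is not None:
        after_check()              # race window: simulated attacker activity
    with open(path, "rb") as f:    # fresh lookup; may now follow a new symlink
        return f.read()


def preflight_hardened(path, workspace, after_check=None):
    """Open once, validate the open descriptor, return the validated bytes.
    The executor must run these bytes (e.g. feed them to the interpreter on
    stdin) rather than re-open the path, so the bytes validated are the bytes executed."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # refuse a symlink leaf
    except OSError as exc:
        raise PermissionError(f"cannot open {path}: {exc}") from exc
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path} is not a regular file")
        real = os.path.realpath(path)
        if not contained(real, workspace):
            raise PermissionError(f"{path} is outside the workspace")
        # The containment check resolved the name a second time; confirm it
        # reached the inode we already hold, otherwise something moved under us.
        rst = os.stat(real)
        if (rst.st_dev, rst.st_ino) != (st.st_dev, st.st_ino):
            raise PermissionError(f"{path} changed during validation")
        if after_check is not None:
            after_check()          # attacker swaps now: we already hold the inode
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: a script inside the workspace and a decoy outside.
    The 'attacker' replaces the inside path with a symlink to the decoy during
    the check/use window. Returns what each validator hands to the executor."""
    with tempfile.TemporaryDirectory() as tmp:
        workspace = os.path.join(tmp, "workspace")
        outside = os.path.join(tmp, "outside")
        os.mkdir(workspace)
        os.mkdir(outside)
        target = os.path.join(workspace, "run.sh")
        decoy = os.path.join(outside, "evil.sh")
        with open(target, "wb") as f:
            f.write(b"echo inside\n")
        with open(decoy, "wb") as f:
            f.write(b"echo outside\n")

        def swap():
            os.remove(target)
            os.symlink(decoy, target)

        results = {}
        results["vulnerable"] = preflight_vulnerable(target, workspace, after_check=swap)
        os.remove(target)                      # restore the original for the second run
        with open(target, "wb") as f:
            f.write(b"echo inside\n")
        results["hardened"] = preflight_hardened(target, workspace, after_check=swap)
        try:                                   # path is now a symlink: a fresh call rejects it
            preflight_hardened(target, workspace)
            results["hardened_rejects_symlink"] = False
        except PermissionError:
            results["hardened_rejects_symlink"] = True
        return results


if __name__ == "__main__":
    print(demo())
```

The descriptor-based version still relies on the inode comparison to catch a swap of a parent directory between `os.open` and the containment check; hard links from outside the workspace are a separate problem that path containment alone does not address.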
GHSA-FVX6-PJ3R-5Q4Q OpenClaw's complex interpreter pipelines could skip exec script preflight validation
Summary: Before OpenClaw 2026.4.2, exec script preflight validation could fail open on complex interpreter invocations such as pipes or other non-simple command forms. In those cases, script-content validation could be skipped entirely. Impact: An attacker-controlled command shape could bypass the...
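The failure mode here is a validator that treats "I could not find a script operand" as "nothing to validate" and lets the command through. The Python below is an added example, not OpenClaw's code: the tokenizer, the interpreter list, the fail-open and fail-closed variants and the sample command lines are all assumptions made for illustration. It classifies a command line and shows how a pipeline or a `-c` invocation slips past the fail-open variant while the fail-closed one denies any shape it cannot validate.

```python
import os
import shlex

# Interpreters whose single-file invocation the preflight knows how to check (assumed list).
INTERPRETERS = {"sh", "bash", "dash", "zsh"}


def tokenize(cmdline: str) -> list:
    """Split a command line the way a POSIX shell would, keeping |, ;, &, <, >
    and parentheses as separate tokens so pipelines and compounds are visible."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)           # raises ValueError on unbalanced quotes


def script_operand(cmdline: str):
    """Return the script path if cmdline is exactly `<interpreter> <script>`,
    otherwise None: pipes, -c strings, extra operands, substitutions, or
    anything the tokenizer rejects all count as a non-simple shape."""
    try:
        argv = tokenize(cmdline)
    except ValueError:
        return None
    if len(argv) != 2:
        return None
    interp, script = argv
    if os.path.basename(interp) not in INTERPRETERS:
        return None
    if script.startswith("-") or any(c in script for c in "$`"):
        return None
    return script


def validate_script(script: str, workspace: str):
    """Workspace boundary check on the script operand (constructed stand-in for
    whatever content validation the real preflight performs)."""
    real = os.path.realpath(script)
    root = os.path.realpath(workspace)
    if real == root or real.startswith(root + os.sep):
        return ("allow", f"{script} is inside the workspace")
    return ("deny", f"{script} is outside the workspace")


def preflight_fail_open(cmdline: str, workspace: str):
    """Before-style logic: no recognisable script means no check, so the
    command is allowed. A pipeline that feeds any file to bash never reaches
    validate_script at all."""
    script = script_operand(cmdline)
    if script is None:
        return ("allow", "no script operand found; validation skipped")
    return validate_script(script, workspace)


def preflight_fail_closed(cmdline: str, workspace: str):
    """Fixed logic: a shape the preflight cannot validate is denied outright."""
    script = script_operand(cmdline)
    if script is None:
        return ("deny", "unsupported command shape; preflight cannot validate it")
    return validate_script(script, workspace)


if __name__ == "__main__":
    ws = "/tmp/ws"   # constructed workspace root; nothing is executed here
    for cmd in ("bash /tmp/ws/run.sh", "cat /etc/passwd | bash",
                "bash -c 'echo hi'", "bash /etc/passwd", "bash run.sh|bash"):
        print(f"{cmd!r:32} open={preflight_fail_open(cmd, ws)[0]:5} "
              f"closed={preflight_fail_closed(cmd, ws)[0]}")
```

The decision rule is the whole point: the only outcome a preflight may return without having inspected a script is "deny". Anything the shape classifier cannot map onto a single validated file must be treated as unvalidated input, not as a command with nothing to check.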
CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
EUVD-2012-4291
Malware in sbrugna...
EUVD-2025-24244
Malicious code in bioql PyPI...
JSA10470 - Pre-authentication CGI script fails to fully validate all parameters
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI scripts accessible during pre-authentication may fail to verify the validity of values supplied as parameters. This could lead to the arbitrary fetching of ".exe" files from the...
CVE-2021-26628
Insufficient script validation of the admin page enables XSS, which allows unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the uploaded files is insufficient. It allows remote attackers to upload arbitrary files disguised as image files...
CVE-2021-26628
CVE-2021-26628 concerns MaxBoard CMS. Connected sources indicate a vulnerability in versions prior to 1.9.6 due to insufficient script validation on the admin page and weak validation of uploaded files. This allows an unauthenticated attacker to upload arbitrary files disguised as images, enablin...
Nagios XI ajaxhelper.php Command Injection (CVE-2020-15901)
A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script...
CVE-2020-3274
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected...
CVE-2020-3278 Cisco Small Business RV Series Routers Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected...
USN-4191-1 qemu vulnerabilities
It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. CVE-2019-12068 Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics...
VaM Shop 1.6 Multiple Vulnerabilities
Exploit for php platform in category web applications Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1.6 and Probably Prior Versions Vendor Notification: 28 December 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status: Not Fixed, Vendor Alerted, Awaiting Vend...
Exotic Cams Local File Inclusion / Cross Site Scripting
andresg888 Exploit Title : Exotic-Cams --LFI & XSS-- Date : 2010-01-09 Author : andresg888 Software Link : http://www.ppvchat.com/ Contact : andresg8884tgmaildotcom Dork : No DoRk f0R ScRipT KiDDieS Example LFI: http://www.ppvchat.com/demo/template03/registration/model.php Example XSS: Go to...