35 matches found
CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ajaxaddform function in the /includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...
BlackBerry Unified Endpoint Manager Cross-Site Scripting Vulnerability (CNVD-2019-39169)
BlackBerry Unified Endpoint Manager (UEM) is a unified endpoint management solution from BlackBerry Canada. The solution is used to manage endpoint devices and view their access. A security vulnerability exists in BlackBerry UEM. No information is currently available about this vulnerability, which...
@142vip/egg (=0.0.1-alpha.1), @142vip/egg-axios (=0.0.1-alpha.1) +215 more potentially affected by CVE-2018-3786 via egg-scripts (>=1.2.0 <=2.6.0)
egg-scripts NPM version =1.2.0, =0.1.3-alpha.0, =0.1.0-alpha.0, =0.1.1-alpha.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.8, =1.0.1, =1.0.2 and more Source cves: CVE-2018-3786 Source advisory: OSV:GHSA-C9J3-WQPH-5XX9...
egg-scripts command injection vulnerability
egg-scripts is a deployment tool for deploying, running and managing egg projects. A command injection vulnerability exists in egg-scripts versions prior to 2.8.1. The vulnerability can be exploited to execute arbitrary shell commands with the help of maliciously crafted command line arguments...
CVE-2018-3786
A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...
Novell iManager and NetIQ iManager Cross-Site Scripting Vulnerabilities
NetIQ iManager is a web-based application from NetIQ, Inc. that allows you to use wireless devices to manage and configure eDirectory objects. Novell iManager is a web-based application from Novell, Inc. that allows you to use wireless devices to manage and configure Novell eDirectory objects. A...
HTTPS Protocol Certificate Validation Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. Its main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH devices are affected by an HTTPS certificate validation vulnerability. SyncCloudAccount.sh, QueryFromClient.s...
DEBIAN-CVE-2012-5530
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/ temporary file...
CVE-2012-2240
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...
FAQ module for phpFaber CSRF Vulnerability
Exploit for php platform in category web applications. Exploit Title: FAQ module for phpFaber CSRF. Author: Jonturk75. Vendor or Software Link: http://www.scripts.com/viewscript/faq-module-for-phpfaber-cms/19826/ Category: webapps. Demo: http://demo.phpfaber.com/cms1/cmsadmin Greetz: Inj3ct0r Explo...
rPSA-2007-0155-1 openssl openssl-scripts
rPath Security Advisory: 2007-0155-1 Published: 2007-08-10 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local System User Non-deterministic Information Exposure Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.7-1...
CVE-2005-1307
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X use the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory...
CVE-2004-1115
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs...
Computer Software Manufaktur Alibaba 2.0 - Piped Command
Computer Software Manufaktur Alibaba 2.0 - Piped Command source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine...
MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
MDMA Advisory 5 by Andrew Lewis aka Wizdumb. Reading of CGI Scripts under Savant Webserver. It is possible to view the source of CGI scripts running under the Savant Webserver by omitting the HTTP version from your request. For example, we connect to port 80 of the server and type "GET...