21 matches found
SUSE SLES16 Security Update : strongswan (SUSE-SU-2026:21203-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21203-1 advisory. Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access (bsc#1257359). - CVE-2026-25075: Integer Underflow When...
EUVD-2023-60204
PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...
CVE-2023-53927
PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...
CVE-2023-53927 PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation
PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...
PHPJabbers Simple CMS Cross-Site Scripting Vulnerability
PHPJabbers Simple CMS is an open source content management system from PHPJabbers. A cross-site scripting vulnerability exists in PHPJabbers Simple CMS version 5.0, which originates from an authenticated attacker being able to inject malicious script via the section name parameter, potentially...
PT-2025-51965
Name of the Vulnerable Software and Affected Versions: PHPJabbers Simple CMS version 5.0 Description: The software contains a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScri...
CVE-2025-25618
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers...
CVE-2025-25618
CVE-2025-25618 affects Unifiedtransform 2.0. Root cause: improper access control that permits privilege escalation, enabling teachers to change section names and room numbers. Impact is limited to unauthorized modifications by users with teacher privileges; CVSS 3.1 metrics indicate Network acces...
SUSE CVE-2024-46764
In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_section() and the return value is true, so the invalid nam...
UBUNTU-CVE-2024-46764
In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_section() and the return value is true, so the invalid nam...
SUSE CVE-2004-1065
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file...
SUSE CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...
DEBIAN-CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...
ALPINE-CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...
UBUNTU-CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...
PT-2021-23603 · Busybox +3
Name of the Vulnerable Software and Affected Versions: Busybox affected versions not specified Description: A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Recommendations: At the moment, there is no...
Stripo Inc: Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'.
Summary: Hi Team, There is "Stored XSS" in Template Editor. When creating Accordion, "Section Name" field does not properly sanitize the input provided by the User leading to Stored XSS. See the Proof Of Concept below. Thank You. Steps To Reproduce: A. Open Template Editor and insert element...
BackdoorFactory - Patch PE (x86/x64) and ELF (x86/x64 and ARM LE x32) binaries with shellcode
Patch win86/64 PE and linux86/64 binaries with shellcode. The goal of The Backdoor Factory is to patch executable binaries with user desired shellcode and continue normal execution of the binary prepatched state. Under a BSD 3 Clause License. This is done by either appending a code cave or using...
CVE-2009-4429
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field)...
CVE-2006-5856
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file...