CVE-2021-29002
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.sitetitle" parameter...
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior t...
PYSEC-2021-889
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.sitetitle" parameter...
Apache Atlas CVE-2019-10070 HTML Injection Vulnerability
Description: Apache Atlas is prone to an HTML injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
Design/Logic Flaw
DISPUTED: The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the...
CVE-2018-19853
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability that allows control over the whole web site via the admin.php/user/add URI because a storekeeper account which is supposed to have only privileges for commodity management can add an...
CVE-2018-14939
The getapppath function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impac...
MyBB has multiple vulnerabilities (CNVD-2016-11618)
MyBB (aka MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.8, including: SQL injectio...
MyBB has multiple vulnerabilities (CNVD-2016-11616)
MyBB (aka MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.8, including: SQL injectio...
Cloudera Manager has multiple vulnerabilities
Cloudera Manager is a set of Hadoop data management software from Cloudera, USA. The software supports the creation of clusters, authentication, data backup and recovery and so on. Cloudera Manager suffers from HTML injection and cross-site scripting vulnerabilities. An attacker exploiting the...
Xiangtan Times Information Technology Co., Ltd. website building system has arbitrary file upload vulnerability
Xiangtan Times Information Technology Co., Ltd. is an IT application service company, providing IT application services and e-commerce solutions. Xiangtan Times Information Technology Co., Ltd. website building system has an arbitrary file upload vulnerability, which can upload script files to...
File Upload Vulnerability in Real Estate Information Network System
Real Estate Information Network System is a software package that introduces real estate information. The product suffers from a file upload vulnerability, which can be exploited by an attacker to upload arbitrary files and thus gain control of the website...
Arbitrary File Upload Vulnerability in Tongda OA Cracked Version
Tongda OA is an office automation suite developed in China. The cracked version of Tongda OA has an arbitrary file upload vulnerability that allows attackers to upload arbitrary files and gain control of the site...
Weak Password Vulnerability in Intelligent Upgrading System of Zhengzhou Wecom Technology Co.
WKM Technology is a provider of broadband network multimedia application system solutions and equipment, a system integrator and information service provider, and a provider of Beidou timing application system solutions and equipment; its main business covers education informatization, party members ...
Oxwall Cross-Site Request Forgery Vulnerability
Oxwall is a fully functional SNS social networking system developed using PHP+MySQL. Oxwall has a cross-site request forgery vulnerability: the "/admin/pages/maintenance" script fails to properly validate the origin of HTTP requests, allowing an attacker to steal cookies from other users, spread...
Curverider Elgg 1.0 - Templates HTML Injection
source: https://www.securityfocus.com/bid/43871/info Elgg is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploits require that the attacker be an authenticated user; this permission may be trivial ...
Flat Calendar 1.1 - 'add.php' HTML Injection
source: https://www.securityfocus.com/bid/34688/info Flat Calendar is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker t...
Knusperleicht Shoutbox 2.6 - 'Shout.php' HTML Injection
source: https://www.securityfocus.com/bid/21637/info Knusperleicht Shoutbox is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected...