CVE-2023-31816
IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/searchlist.php...
CVE-2025-25875
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data...
GHSA-432C-WXPG-M4Q3 xml2rfc has file inclusion irregularities
Version 3.12.0 changed xml2rfc so that it would not access local files without the presence of its new --allow-local-file-access flag. This prevented XML External Entity (XXE) injection attacks with xinclude and XML entity references. It was discovered that xml2rfc does not respect...
Directory Traversal
Overview: xml2rfc generates RFCs and IETF drafts from document source in XML according to the IETF xml2rfc v2 and v3 vocabularies. Affected versions of this package are vulnerable to Directory Traversal through the src attribute in artwork or sourcecode elements due to improper...
CVE-2024-46078
itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function deletecategory of the file sportsscheduling/player.php via the argument id...
Cross site scripting
IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/searchlist.php...
PT-2023-23470 · Unknown · It Sourcecode Content Management System Project In Php/Mysql With Source Code
Name of the Vulnerable Software and Affected Versions: IT Sourcecode Content Management System Project In PHP and MySQL With Source Code version 1.0.0 Description: The issue concerns a Cross Site Scripting XSS vulnerability. This vulnerability can be exploited via the "/ecodesource/search list.ph...
CVE-2023-31816
The CVE-2023-31816 entry concerns IT Sourcecode Content Management System (PHP/MySQL) v1.0.0 that is vulnerable to Cross-Site Scripting (XSS) via the endpoint /ecodesource/search_list.php. The vulnerability is described across sources (NVD, Red Hat, CVE listings) with the core issue being an XSS ...
Important: tomcat7
Issue Overview: 2023-05-11: CVE-2017-12616 was added to this advisory. When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted...
Earnings and Expense Tracker App Information Disclosure Vulnerability
Expense Tracker is an expense tracker organized by SourceCode and Projects. An information disclosure vulnerability exists in the SourceCodester Earnings and Expense Tracker App. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announceme...
Earnings and Expense Tracker App Cross-Site Scripting Vulnerability
Expense Tracker is an expense tracker organized by SourceCode and Projects. A security vulnerability exists in the SourceCodester Earnings and Expense Tracker App version 1.0, which stems from incorrect manipulation of the parameter name resulting in cross-site scripting...
CVE-2021-43437
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. Thi...
Online Leave Management System 1.0 Shell Upload
Exploit Title: Online Leave Management System 1.0 - Arbitrary File Upload to Shell Unauthenticated Date: 24-08-2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
Insecure Defaults
Moodle is vulnerable to insecure defaults. The library itself uses a hardcoded key for the rc4encrypt and rc4decrypt functions, making it easier for a malicious user to decrypt sensitive information by reading Moodle's sourcecode. The hardcoded password was set to nfgjeingjk...
Apple WebKit - JSC::SymbolTableEntry::isWatchable Heap Buffer Overflow Exploit
Exploit for multiple platform in category dos / poc function x = 0 var a; function arguments function b var g = 1; a5; f; g; ; , unsigned int, unsigned int webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+...
NVIDIA Driver - No Bounds Checking in Escape 0x7000194
NVIDIA Driver - No Bounds Checking in Escape 0x7000194 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=895 The DxgkDdiEscape handler for 0x7000194 doesn't do bounds checking with the user provided lengths it receives. When these lengths are passed to memcpy, overreads and memory...
ZineBasic 1.1 - Arbitrary File Disclosure Exploit
Exploit for php platform in category web applications Title: ZineBasic 1.1 Remote File Disclosure Exploit Author: bd0rk || East Germany former GDR Tested on: Ubuntu-Linux Vendor: http://w2scripts.com/news-publishing/ Download:...
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion Title: Ramui web hosting directory script 4.0 Remote File Include Vulnerability Author: bd0rk Twitter: twitter.com/bd0rk Vendor: http://www.ramui.com Download: http://ramui.com/directory-script/download-v4.html Proof-of-Concept:...