10 matches found
GHSA-G955-VW6W-V6PP Citizen vulnerable to stored XSS in sticky header button messages
Summary: The JS implementation for copying button labels to the sticky header in the Citizen skin unescapes HTML characters, allowing for stored XSS through system messages. Details: In the copyButtonAttributes function in stickyHeader.js, when copying the button labels, the innerHTML of the new...
EUVD-2008-5971
Malware in sbrugna...
MAL-2025-9078 Malicious code in @malware-test-yeast-pings-sysop-foams/test-mlw3-yeast-pings-sysop-foams (npm)
The package @malware-test-yeast-pings-sysop-foams/test-mlw3-yeast-pings-sysop-foams was found to contain malicious code...
sFileManager <= v.24a Local File Inclusion Vulnerability
No description provided by source. sFileManager <= v.24a / Local File Inclusion Vulnerability. $ Program: sFileManager $ Version: <= v.24a $ File affected: fm.php $ Download:...
Arasism Remote Command Upload Vulnerability
Exploit Title: Arasism Remote Command Upload Vulnerability. Author: Iranian Security & Research Team. Discovered By: Ehram.shahmohamadi. Home: sec-lab.ir. Contact: research at sec-lab dot ir. Portal Link: www.Arasism.Com. Security Risk: High. DorK: "Powered by Arasism.com"...
sFileManager 24a - Local File Inclusion
sFileManager 24a - Local File Inclusion. sFileManager. eNYe-Sec - www.enye-sec.org - www.pepelux.org. By the author: Simple File Manager SFM is a web based file management utility. It is designed to be used by those that don't wan...
sFileManager 24a - Local File Inclusion
sFileManager. eNYe-Sec - www.enye-sec.org - www.pepelux.org. By the author: Simple File Manager SFM is a web based file management utility. It is designed to be used by those that don't want to use ftp or SHOULD NOT use ftp. It c...
PAD Site Scripts 3.6 - Insecure Cookie Handling
PAD Site Scripts 3.6 - Insecure Cookie Handling. Information: + Script: PAD Site Scripts v3.6 Insecure Cookie Handling Vulnerability + Found by...
Authentication flaw
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string...
CVE-2008-6001
The CVE-2008-6001 entry applies to ADN Forum version 1.0b and earlier. A flaw in index.php lets remote attackers bypass authentication and obtain sysop privileges by manipulating a fpusuario cookie constructed with an initial sysop: string, a user-supplied password field, and a trailing :sysop:0...