19 matches found
EUVD-2026-11747
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...
EUVD-2012-1214
Malware in sbrugna...
EUVD-2012-3778
Malware in sbrugna...
EUVD-2006-2988
Malware in sbrugna...
CVE-2024-1984
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...
CVE-2023-34461
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Windows
LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)
Software BuddyForms Type Plugin Vulnerable versions = 2.8.12 Fixed in 2.8.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9418faef5fbf Credits SOPROBRO Required privilege Editor...
CVE-2023-34461 Cross-site Scripting (XSS) Availability in PyBB
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
Barrier Authorization Issues Vulnerability
Barrier is software that mimics the functionality of the Kvm switcher. Barrier suffers from an authorization problem vulnerability that can be exploited by an attacker to enter an active session state using the Barrier component by simply providing a client tag that identifies a valid client...
UBUNTU-CVE-2020-28463
All versions of package reportlab are vulnerable to Server-side Request Forgery SSRF via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
The vulnerability of the gst_avi_demux_parse_ncdt function (gst/avi/gstavidemux.c) in the Gstreamer multimedia framework’s gst-plugins-good plugin. This vulnerability allows an attacker to cause a service failure.
The vulnerability of the gstavidemuxparsencdt function gst/avi/gstavidemux.c in the gst-plugins-good plugin for the Gstreamer multimedia framework is related to the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to...
AssetMan 2.5-b - SQL Injection using Session Fixation Attack
No description provided by source. ============================================================ AssetMan v2.5-b SQL Injection using Session Fixation Attack ============================================================ ; , ,; '. ;: :; :: :: :: :: ': : :. : ;' :: :: ' .' '; ;' '. :: :; ;: :: ; :;. ,...
CVE-2012-5642
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content...
CVE-2012-1185
Multiple integer overflows in 1 magick/profile.c or 2 magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE:...
AssetMan v2.5-b SQL Injection using Session Fixation Attack
No description provided by source. ============================================================ AssetMan v2.5-b SQL Injection using Session Fixation Attack ============================================================ ; , ,; '. ;: :; :: :: :: :: ': : :. : ;' :: :: ' .' '; ;' '. :: :; ;: :: ; :;. ,...
CVE-2002-0902
Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...
CVE-2002-0520
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag...
Aladdin Knowledge Systems eSafe Gateway 3.0 - HTML tag Script-filtering Bypass
Aladdin Knowledge Systems eSafe Gateway 3.0 - HTML tag Script-filtering Bypass source: https://www.securityfocus.com/bid/2800/info eSafe Gateway is a security utility used for filtering internet content. It is possible to craft an html file that slips through eSafe Gateway's script filtering...