8 matches found
CVE-2018-16622
Multiple cross-site scripting XSS vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 discription or 2 comments field, related to users/userAddContent...
多款 XWiki Platform 产品代码注入漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from XWiki France. A security vulnerability exists in the XWiki Platform Tag UI versions prior to 13.10.6 and 14.4, which stems from the fact that the tag document "Main.Tags" is not properly cleaned up from...
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework TODO: add other non-payload files class MetasploitModule 'RARLAB WinRAR ACE Format Input Validation Remote Code Execution', 'Description' = %q In WinRAR versions prior t...
Moodle 'tag/user.php' Security Bypass Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security bypass vulnerability exists in the Moodle 'tag/user.php' script. The vulnerability is due to the program failing to check th...
phpList 2.10.x - 'email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47580/info PHPList is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Ceica-GW - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40917/info Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities
source: https://www.securityfocus.com/bid/28986/info PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. Successfully exploiting these issues will allow an attacker to...
Microsoft Virtual Machine 2000/3100/3200/3300 Series - 'com.ms.activeX.ActiveXComponent' Arbitrary Program Execution
source: https://www.securityfocus.com/bid/1754/info If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsoft Internet Explorer or Outlook. Th...