
10 matches found

CNNVD
added 2026/05/19 12:0 a.m. · 5 views

Eclipse Glassfish security vulnerability

Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a security vulnerability, which stems from improper handling of expressions in the server-side template rendering mechanism. This vulnerability allows remote attackers to completely destroy the...

CVSS 9.6 · AI score 6.1 · EPSS 0.00146
Exploits: 2 · References: 1
Tenable Nessus
added 2026/04/23 12:0 a.m. · 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: rubygem-addressable (UTSA-2026-014268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014268 advisory. Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template...

CVSS 7.5 · AI score 5.2 · EPSS 0.00027
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-16322

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.00467
Exploits: 0 · References: 3
CNNVD
added 2025/06/10 12:0 a.m. · 0 views

Nautobot security vulnerability

Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 2.4.10 and prior to 1.6.32, which stems from a misconfigured Jinja2 template that could lead to data leakage or tampering...

CVSS 7.1 · AI score 6.3 · EPSS 0.0018
Exploits: 0 · References: 7
RedHat Linux
added 2023/12/12 5:25 p.m. · 1 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

CVSS 6.1 · AI score 6.7 · EPSS 0.00087
Exploits: 0 · References: 8
Positive Technologies
added 2023/11/28 12:0 a.m. · 1 views

PT-2023-9818 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader, affected versions not specified; Foxit PDF Editor, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations. The specific flaw exists within the handlin...

CVSS 7.8 · AI score 8.3 · EPSS 0.02223
Exploits: 0 · References: 9
RedHat Linux
added 2023/11/14 4:3 p.m. · 5 views

golang: html/template: improper handling of empty HTML attributes

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...

CVSS 7.3 · AI score 6.7 · EPSS 0.00057
Exploits: 0 · References: 6
Prion
added 2019/03/15 3:29 a.m. · 10 views

Design/Logic Flaw

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/defaultpc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates...

CVSS 6.5 · AI score 8.9 · EPSS 0.00719
Exploits: 1 · References: 1 · Affected Software: 1
CNVD
added 2018/04/24 12:0 a.m. · 2 views

Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-08778)

Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4 and prior versions, which originates from data/template/1diyportalview.tpl.php failing to restrict user-submitted content. A remote attacker can use forum.php?mod=post&action=newthread t...

CVSS 5.4 · AI score 6.2 · EPSS 0.00206
Exploits: 1 · References: 1
CNVD
added 2014/11/26 12:0 a.m. · 1 views

phpwind Arbitrary Code Execution Vulnerability

PHPWind is one of the more popular PHP-based web forum programs. phpwind has an arbitrary code execution vulnerability: the portal template code security filter function filterTemplate is defective and filters incompletely, so PHP code can be written and executed. Allows attackers with edit...

AI score 8.2
Exploits: 0