CVE-2026-2136

CVE-2026-2136 affects projectworlds Online Food Ordering System v1.0. The vulnerability resides in an unknown function of /view-ticket.php where manipulating the ID parameter enables SQL injection, with remote exploitation demonstrated by published exploits. Multiple sources (NVD, Red Hat, CVE li...

PT-2026-5799

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded b...

Kerberos 5-1.21.3 Privilege Escalation / Ticket Injection

Kerberos version 5-1.21.3 privilege escalation and ticket injection proof of concept exploit that demonstrates a vulnerability discovered in 2014. ============================================================================================================================================= | Title ...

DEBIAN-CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

UBUNTU-CVE-2013-5587

Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions...

Joomla! Component JSupport 1.5.6 - Cross-Site Scripting

Exploit Title: Joomla Component comjsupport Critical XSS Vulnerability Date: 12.11.2010 Author: Valentin Category: webapps/0day Version: 1.5.6 Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title =...