20 matches found
EUVD-2025-200005
Eximbills Enterprise 4.1.5 (built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...
CVE-2025-64030
Eximbills Enterprise 4.1.5 (built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...
EUVD-2007-4761
Malware in sbrugna...
EUVD-2001-0472
Malware in sbrugna...
EUVD-2010-4952
Malware in sbrugna...
CVE-2025-50972
SQL injection vulnerability in AbanteCart 1.4.2 allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
Linux Distros Unpatched Vulnerability : CVE-2020-25706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability exists in templatesimport.php in Cacti 1.2.13 due to improper escaping of the error message during template import preview in...
Regular Expression Denial Of Service (ReDoS)
tmpl is vulnerable to regular expression denial of service. An attacker is able to crash the application when formatting the crafted string through the tmpl functionality...
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...
GHSA-JGRX-MGXX-JF9V tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...
CVE-2021-3777
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3777
CVE-2021-3777: nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity (ReDoS). IBM X-Force lists CVSS v3.1 base score 7.5 (HIGH) with Network attack vector, no user interaction, and Availability impact. No remediation details are provided in the supplied documents.
CVE-2021-3777 Inefficient Regular Expression Complexity in daaku/nodejs-tmpl
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity...
nodejs-tmpl security vulnerability
Node.js is a JavaScript runtime environment based on the Chrome V8 engine. By wrapping the V8 engine and using an event-driven, non-blocking I/O model, it makes it possible to develop high-performance back-end applications in JavaScript. A security vulnerability exists in nodejs-tmpl...
Inefficient Regular Expression Complexity in daaku/nodejs-tmpl
✍️ Description It allows causing a denial of service when formatting a crafted string. 🕵️♂️ Proof of Concept // PoC.js var tmpl = require"tmpl" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = ""+"".repeati10000+"answer"; tmplattackstr, answer: 42 var timecost = Date.now - time;...
Joomla Collector Shell Upload
Exploit Title:Joomla comcollecter shell upload Author: Red Dragonal Alb0zZ Team Home :HackForums.AL,alb0zz.in Date :19/01/2013 Category:: web apps Google dork: inurl:index.php?option=comcollector Tested on: Windows XP Download: http://www.steevo.fr/en/download Home Page: http://www.steevo.fr/...
CVE-2010-3466
Cross-site scripting (XSS) vulnerability in index.php in the hostedsignup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information...
Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability
No description provided by source. A vulnerability has been discovered in the Camp26 VisitorData module for Joomla, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "X-Forwarded-For" HTTP header is not properly sanitised before being used as a...
Design/Logic Flaw
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories...