27 matches found
Daily Habit Tracker 1.0 Cross Site Scripting
Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0...
CVE-2022-48599
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Command injection
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
Command injection
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
GHSA-X49M-3CW7-GQ5Q jcvi vulnerable to Configuration Injection due to unsanitized user input
Summary A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. PoC The vulnerable code snippet is...
CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...
CVE-2022-3276 Puppetlabs-mysql Command Injection
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...
CVE-2022-3275 Puppetlabs-apt Command Injection
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...
Hyperledger: Fix : (Security) Mitigate Path Traversal Bug
Unsanitized input from arg0 argument flows into java.io.FileOutputStream, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. Impact Being able to access and manipulate an arbitrary path leads to vulnerabilities when a...
Oliver Library Server v5 - Arbitrary File Download Vulnerability
Exploit Title: Oliver Library Server v5 - Arbitrary File Download Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2 Example to downloa...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/39aa11e6f9bf8e7ee63bdbb07ea9fcabf434a60e/www/uploadfile.phpL504 you build a JS script using unsanitized user input, this can lead to XSS : php var activeTabNumber = ; // 🕵️♂️ Proof of Concept Visit...
Cross-Site Request Forgery (CSRF)
react-dev-utils is vulnerable to cross-site request forgery. Local unauthenticated attackers could exploit the flawed Webserver component to execute arbitrary commands on the targeted system via the unsanitized input command to launch an editor...
CVE-2019-9858
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...
CVE-2019-9858
CVE-2019-9858 affects Horde Groupware Webmail (versions 5.2.22 and 5.2.17). The flaw is in Horde/Form/Type.php image upload handling: an unsanitized POST parameter object[photo][img][file] is used as the destination path for move_uploaded_file(), allowing an attacker to place a PHP file (e.g., vi...
CVE-2018-10600
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...
Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution
The Shortcodes Ultimate plugin does not sanitize the "filter" argument to the "sumeta", "suuser", and "supost" shortcodes, allowing the filter to be set to the "system" function which runs arbitrary code. This is being exploited in the wild; I discovered this though analysis of modsecurity audit...
Cross site scripting
Some forms with the parameter geozoomleveltofoundlocation in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and articleimage.php. The impact is XSS...
Clipperz Password Manager RCE Vulnerability (May 2014) - Active Check
Clipperz Password Manager is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Dolphin 7.0.7 PHP Code Injection
$aItems 8...
Path disclousure in ocPortal
Vulnerability ID: HTB22761 Reference: http://www.htbridge.ch/advisory/pathdisclousureinocportal.html Product: ocPortal Vendor: ocProducts Ltd http://ocportal.com Vulnerable Version: 5.0.3 Vendor Notification: 15 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted,...