29 matches found
Spring Security 访问控制错误漏洞
Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. In versions 7.0.0 to 7.0.4 of Spring Security, there was an access control vulnerability. This vulnerability occurred when the servlet path defined using the tag did not...
Fedora 42 : tuxanci (2026-c76c93c411)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c76c93c411 advisory. This release removes bad URL tag from the package. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
EUVD-2017-3263
Malware in sbrugna...
EUVD-2006-1023
Malware in sbrugna...
EUVD-2006-0317
Malware in sbrugna...
Fedora: Security Advisory (FEDORA-2024-ae2925c3ae)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-7GHM-RPC7-P7G5 Code injection in Apache Struts
A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks. both the s:url and s:a tag provide an includeParams attribute. The main scope of that attribute is to understand whether includes...
Apache Struts Remote Code Execution Vulnerability
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or...
GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a Remote Code Execution when using results with no namespace and it's upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and it's upper actions have no or wildcard namespace...
dille-kamille.be XSS vulnerability
Open Bug Bounty ID: OBB-671063 Description| Value ---|--- Affected Website:| dille-kamille.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Remote Code Execution (RCE)
struts2-core is vulnerable to remote code execution RCE attacks. These attacks are possible when using a namespace or url tag which doesn't have a value and action set and where its upper action configuration is using a wildcard namespace or has no namespace...
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...
CVE-2017-11651
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag...
CVE-2017-11651
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag...
Koobi 5.0 BBCode URL Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16078/info Koobi is prone to a script injection vulnerability. An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be abl...
openSUSE 10 Security Update : opera (opera-2181)
This update fixes the RSA signature checking problem found in openssl in the Opera webbrowser which is statically linked against openssl. CVE-2006-4339 A URL tag parsing heap overflow in Opera could be used to potentially execute code. CVE-2006-4819 %NASLMINLEVEL 70300 C Tenable Network Security,...
[KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag
ORIGINAL ADVISORY: http://kapda.ir/page-advisory.html http://myimei.com/security/2006-06-22/mybb-114-functionpostphpxss-attack-in-url-tag.html ——————–Summary—————- Software: MyBB Sowtware’s Web Site: http://www.mybboard.com Versions: 1.1.3 Class: Remote Status: Patched Exploit: Available Discover...
Cross site scripting
Cross-site scripting XSS vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the showpost function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2006-1019
Cross-site scripting XSS vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the showpost function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...