19 matches found
EUVD-2008-3437
Malware in sbrugna...
EUVD-2017-9046
Malware in sbrugna...
EUVD-2008-3181
Malware in sbrugna...
EUVD-2023-56739
Malicious code in bioql PyPI...
EUVD-2023-1338
Malicious code in bioql PyPI...
EUVD-2025-9733
Malicious code in bioql PyPI...
CVE-2023-37909
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros th...
CVE-2012-1019
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiCommentscomment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers0company parameter when editing a user profile, or (3)...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55073
Vulnerability overview (CVE-2024-55073): hay-kot mealie v2.2.0 has a Broken Object Level Authorization on the /api/users/{user-id} endpoint that lets a user edit their own profile to grant more permissions or change their household. Root cause: improper enforcement of access controls on user-id s...
CVE-2023-52060
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request...
CVE-2023-29523 Code injection in display method used in user profiles in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...
PT-2021-19812 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 11.10.13 XWiki Platform versions prior to 12.6.7 XWiki Platform versions prior to 12.10.2 Description: A user disabled on a wiki using email verification for registration can re-activate themselves by using th...
CVE-2017-17903
FS Lynda Clone has CSRF via user/editprofile, as demonstrated by adding content to the user panel...
Vacation Rental Script 4.0 - CSRF Vulnerability
No description provided by source. Exploit Title: Vacation Rental Script v4.0 XSRF VULNERABILTY Google Dork: 2006 - 2009 Vacation Rental Script Date: 24.12.2010 Author: OnurTURKESHAN Software Link: http://www.vacationrentalscript.com/ Version: v.4.0 Tested on: v4.0 TEsted +WorKs ResPecT My FrienD...
Website Toolbox Cross Site Scripting
Exploit Title: Website Toolbox Cross Site Scripting Date: 7.04.2012 Author: Sony Software Link: http://websitetoolbox.com Web Browser : Mozilla Firefox Site : http://insecurity.ro PoC: http://st2tea.blogspot.com/2012/04/website-toolbox-cross-site-scripting.html...
XWiki Enterprise Multiple Cross-Site Scripting Vulnerabilities
The host is running XWiki Enterprise and is prone to cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbxwikienterprisemultxssvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ XWiki Enterprise Multiple Cross-Site Scripting Vulnerabilities Authors: Rachana Shetty Copyright:...
freestats-cgi.txt
Date: Sat, 21 Nov 1998 12:54:41 -0500 From: John Carlton To: [email protected] Subject: Freestats.com CGI vulnerability About a year ago I developed an exploit for the free web stats services offered at freestats.com, and supplied the webmaster with proper code to patch the bug. After hearing ...