1927 matches found
CVE-2021-47900
Gila CMS
CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
PT-2026-4931
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell exec to run system commands by sending...
CVE-2021-31794
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...
CVE-2016-10964
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...
CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption...
CVE-2019-16197
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...
CVE-2019-12198
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header...
LFI-DVWA-Lab-
LFI Exploitation – DVWA Lab 📌 Overview This project demons...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
PT-2025-52838
Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.7 Description The software contains a persistent cross-site scripting issue that permits unauthorized users to inject malicious JavaScript into private messages. An attacker can send messages containing script payloads with...
CVE-2025-14897
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is...
CVE-2025-14897 CodeAstro Real Estate Management System Administrator Endpoint useragentdelete.php sql injection
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is...
Arbitrary Code Injection
Ray is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of the User-Agent header combined with lack of protection against DNS rebinding attacks, which allows an attacker to execute arbitrary code on a developer’s system via a malicious website or...
CVE-2025-62593
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...