CVE-2024-39203
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-39203
The CVE-2024-39203 entry corresponds to a cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3. A crafted payload can execute arbitrary web scripts or HTML in the context of the affected web application. Documented impact indicates user interaction i...
dbt-core's secret env vars written to package-lock.json in plaintext
Impact: When used to pull source code from a private repository using a Personal Access Token (PAT), some versions of dbt-core write a URL with the PAT in plaintext to the package-lock.yml file. Patches: The bug has been fixed in dbt-core v1.7.3. Mitigations: Remove any git URLs with plaintext secrets...
CVE-2023-25152
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...
CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...
GHSA-P8R3-83R8-JWJ5 Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
Impact: This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode...
CVE-2018-0605
Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0604
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors...
SQL injection
SQL injection vulnerability in Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
Remote code execution
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors...
CVE-2018-0604
Pixelpost v1.7.3 and earlier has an Arbitrary Code Execution vulnerability (CVE-2018-0604). Official records confirm remote code execution via unspecified vectors. The affected product is Pixelpost (versions up to 1.7.3). Several related sources/records (NVD, JVN, CNVD, CVE lists) consistently re...
CVE-2018-0606
SQL injection vulnerability in Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
Pixel Post v1.7.3 persian Reinstall login Vulnerability
Exploit for PHP platform in category web applications: Pixel Post v1.7.3 persian Reinstall login Vulnerability ...