16 matches found
CVE-2026-39421
CVE-2026-39421 affects MaxKB (versions 2.7.1 and earlier). The sandbox escape occurs in ToolExecutor via Python ctypes calling raw syscalls to bypass LD_PRELOAD sandbox.so, enabling arbitrary code execution through direct kernel syscalls and potential full container/network compromise. The librar...
EUVD-2024-37876
Malicious code in bioql PyPI...
CVE-2024-39242
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode...
CVE-2024-39242
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode...
Design/Logic Flaw
EXCELLENT INFOTEK BiYan v1.57 through v2.8 allows an unauthenticated attacker to leak user information by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field...
CVE-2019-11233
CVE-2019-11233 affects EXCELLENT INFOTEK BiYan v1.57–v2.8. A misdesign allows an unauthenticated attacker to leak user information by sending a LOGIN_ID element to the endpoint auth/main/asp/check_user_login_info.aspx and reading the response, with leakage demonstrated via KW_EMAIL or KW_TEL fiel...
CVE-2019-11232
Summary of CVE-2019-11232: The affected product is EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. A vulnerability allows an unauthenticated attacker to disclose a password by sending an EMP_NO element to the kws_login/asp/query_user.asp URI and reading the PWD element. This results in informatio...
Siemens CP 1604 and 1616 <= v2.8 Cross-Site Request Forgery
Binary data 720259.prm...
Siemens CP 1604 and 1616 <= v2.8 Improper Neutralization of Input during Web Page Generation
Binary data 720258.prm...
Moxa MXview 2.8 Private Key Disclosure
Credits: John Page AKA HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt; ISR: APPARITIONSEC; Vendor: www.moxa.com; Product: MXview V2.8; Download:...
Moxa MXview 2.8 - Denial of Service
Credits: John Page AKA hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt; ISR: ApparitionSec; Vendor: www.moxa.com; Product: MXView v2.8; Download:...
Moxa MXview 2.8 - Private Key Disclosure
Credits: John Page AKA HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt; ISR: APPARITIONSEC; Vendor: www.moxa.com; Product: MXvie...
Moxa MXview v2.8 Denial Of Service Exploit
Exploit for Windows platform in category dos / poc. Credits: John Page AKA hyp3rlinx; Vendor: www.moxa.com; Product: MXView v2.8; Download: http://www.moxa.com/product/MXstudio.htm. MXview Industrial Network Management Software. Auto discovery of network devices and physical...
ThinkSNS V2.8 \api\StatusesApi.class.php arbitrary file upload vulnerability
No description provided by source...
phpmyinv-rfi.txt
phpMyInventory pmi v. 2.8 FOUND BY : o0xxdark0o o0xxdark0oatmsn.com DOWNLOAD : http://sourceforge.net/projects/phpmyinventory/ REMOTE FILE INCLUDE FILE : PATH\Includes\global.inc.php EXPLOIT: www.xxx.com/pmiv28/Includes/global.inc.php?strIncludePrefix=Shell.txt? thanks for all my friends.. str0ke...
Fortinet-url.txt
URL filter bypass in Fortinet. Severity: Low. Impact: Bypass Fortinet web filter. Vulnerability type: Design error. Affected products: FortiGate v2.8. CVE reference: CAN-2005-3058. Vulnerability Description: It is possible to bypass Fortinet URL blocker by making special HTTP...