16 matches found

OSV
added 2026/01/26 2:47 p.m. · 4 views

BIT-NODE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1 CVSS · 6 AI score · 0.00016 EPSS
Exploits: 2 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-38871

Malicious code in bioql PyPI...

5.4 CVSS · 5.8 AI score · 0.00753 EPSS
Exploits: 1 · References: 3
RedhatCVE
added 2025/05/23 3:27 a.m. · 7 views

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

5.4 CVSS · 6.2 AI score · 0.00753 EPSS
Exploits: 1
NVD
added 2023/06/27 5:15 p.m. · 12 views

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

5.4 CVSS · 5.4 AI score · 0.00753 EPSS
Exploits: 1 · References: 2
Prion
added 2023/06/27 5:15 p.m. · 25 views

Cross site scripting

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

4.9 CVSS · 5.4 AI score · 0.00753 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2023/06/27 12:0 a.m. · 12 views

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

5.6 AI score · 0.00753 EPSS
Exploits: 1 · References: 2
CNNVD
added 2023/06/27 12:0 a.m. · 2 views

i-doit Open cross-site scripting vulnerability

i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit Open v24, which stems from a timeout parameter on the login page containing reflected cross-site scripting XSS...

5.4 CVSS · 5.3 AI score · 0.00753 EPSS
Exploits: 1 · References: 3
CVE
added 2023/06/27 12:0 a.m. · 108 views

CVE-2023-34830

i-doit Open v24 is affected by a reflected XSS vulnerability exposed on the login page via the timeout parameter. The CVE entry CVE-2023-34830 confirms a reflected XSS issue with this parameter, and multiple sources (including PT-2023-25017 and Red Hat/RedHat-facing pages) reference the same root...

5.4 CVSS · 5.3 AI score · 0.00753 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/06/27 12:0 a.m. · 13 views

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

6.2 AI score · 0.00753 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/06/17 12:0 a.m. · 3 views

PT-2023-25017 · Unknown · I-Doit Open

Name of the Vulnerable Software and Affected Versions: i-doit Open version v24. Description: A reflected cross-site scripting XSS issue was found in i-doit Open via the timeout parameter on the "/login" page. This allows for potential XSS attacks. Recommendations: For i-doit Open version v24,...

5.4 CVSS · 5.1 AI score · 0.00753 EPSS
Exploits: 1 · References: 6
Openbugbounty
added 2018/04/04 8:18 a.m. · 9 views

v24-reb.1tis.nl XSS vulnerability

Open Bug Bounty ID: OBB-596752. Affected Website: v24-reb.1tis.nl. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...

6.3 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 14 views

DD-WRT HTTP v24-SP1 - Command Injection Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 24 views

DD-WRT v24-sp1 - (CSRF) Cross Site Reference Forgery Exploit

No description provided by source. Remote root dd-wrt. Written by Michael Brooks. Special thanks to str0ke. Exploits tested on the newest stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro. Product Homepage:...

7.1 AI score
Exploits: 0
Packet Storm
added 2013/07/12 12:0 a.m. · 48 views

DD-WRT 24-sp2 CSRF / Command Injection

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...

0.00653 EPSS
Exploits: 1
exploitpack
added 2010/12/29 12:0 a.m. · 14 views

DD-WRT 24-preSP2 - Information Disclosure

DD-WRT 24-preSP2 - Information Disclosure Exploit Title: DD-WRT Information Disclosure Vulnerability Date: 26-Dec-2010 Author: Craig Heffner, /dev/ttyS0 Software Link: http://www.dd-wrt.com Version: v24-preSP2 Tested on: builds 14311, 14896 Remote attackers can gain sensitive information about a...

7.2 AI score
Exploits: 0
seebug.org
added 2008/12/09 12:0 a.m. · 28 views

DD-WRT v24-sp1 (XSRF) Cross Site Reference Forgery Exploit

No description provided by source. Remote root dd-wrt. Written by Michael Brooks. Special thanks to str0ke. Exploits tested on the newest stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro. Product Homepage:...

7.1 AI score
Exploits: 0