37 matches found
CVE-2025-11283
CVE-2025-11283 affects Frappe LMS 2.35.0, specifically the Course Handler component. The vulnerability arises from manipulation of the Description argument in Course Handler, enabling cross-site scripting (XSS) via a remote attack. Public disclosures exist detailing the exploit. The recommended r...
Check Point Identity Agent Arbitrary File Write Vulnerability
Check Point Identity Agent Arbitrary File Write Vulnerability Description =========== The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system. Details ======= Advisory ID: usd-2021-0005 Product: Check Point Identity Agent Affected Versio...
Open-Xchange App Suite / Documents Server-Side Request Forgery
Product: OX App Suite / OX Documents Vendor: OX Software GmbH Internal reference: 67871, 68258 Bug ID Vulnerability type: Server-Side Request Forgery CWE-918 Vulnerable version: 7.10.2 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed...
Uplay 92.0.0.6280 - Local Privilege Escalation
Uplay 92.0.0.6280 - Local Privilege Escalation Exploit Title: Uplay 92.0.0.6280 - Local Privilege Escalation Date: 2019-08-07 Exploit Author: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi Vendor Homepage: https://uplay.ubisoft.com/ Version: 92.0.0.6280 Tested on: Windows 10 x...
Uplay 92.0.0.6280 - Local Privilege Escalation
Exploit Title: Uplay 92.0.0.6280 - Local Privilege Escalation Date: 2019-08-07 Exploit Author: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi Vendor Homepage: https://uplay.ubisoft.com/ Version: 92.0.0.6280 Tested on: Windows 10 x64 CVE : N/A Vulnerability Description:...
Wordpress BulletProof Security 53.3 Cross Site Scripting
Information -------------------- Advisory by Netsparker Name: Multiple XSS Vulnerabilities in BulletProof Security Affected Software : BulletProof Security Affected Versions: v53.3 and possibly below Vendor Homepage : https://wordpress.org/plugins/bulletproof-security/ Vulnerability Type :...
Adobe Reader DC 15.010.20060 - Memory Corruption
Title: Adobe Reader DC <= 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10, 2016 CVE: CVE-2016-1077 Author: Pier-Luc Maltais...
Samsung SoftAP Weak Password Vulnerability
Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours. ================================================================ Samsung softap weak random generated password This affects SmartTV and Printers ===============================================================...
zTree 3.5.19.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in zTree v3 Affected Software : zTree Affected Versions: v3.5.19.1 and possibly below Vendor Homepage : https://github.com/zTree/zTreev3 Vulnerability...
zTree 3.5.19.1 Cross Site Scripting
Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in zTree v3 Affected Software : zTree Affected Versions: v3.5.19.1 and possibly below Vendor Homepage : https://github.com/zTree/zTreev3 Vulnerability Type : Cross-site Scripting Severity : Important Statu...
TestLink 1.9.14 Cross Site Scripting
Information ================================= Name: Persistent XSS Vulnerability in TestLink 1.9.14 Affected Software: TestLink Affected Versions: 1.9.14 and possibly below Vendor Homepage: http://testlink.org/ Severity: High Status: Fixed Vulnerability Type: =================================...
TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...
UNIT4 Prosoft HRMS 8.14.230.47 Cross Site Scripting
Vulnerability type: Cross-site Scripting Vendor: http://www.unit4.com/ Product: UNIT4 Prosoft HRMS Product site: http://www.unit4apac.com/products/prosofthrms Affected version: 8.14.230.47 Fixed version: 8.14.330.43 Credit: Jerold Hoong & Edric Teo PROOF OF CONCEPT The login page of UNIT4's Proso...
IBM Endpoint Manager 9.1.x / 9.2.x Cross Site Scripting Vulnerability
IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a browser. Affected versions include 9.1.x versions earlier than 9.1.1229 and 9.2.x versions earlier than 9.2.1.48. Product: IBM Endpoint Manager...
Multiple vulnerabilities in PBBoard
Advisory ID: HTB23101 Product: PBBoard Vendor: www.pbboard.com Vulnerable Versions: 2.1.4 and probably prior Tested Version: 2.1.4 Vendor Notification: July 18, 2012 Public Disclosure: August 8, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authentication CWE-287, Improper Access Contro...
Kajona 3.4.1 Cross Site Scripting
Exploit for php platform in category web applications Product: Kajona Vendor: www.kajona.de Vulnerable Versions: 3.4.1 and probably prior Tested Version: 3.4.1 Vendor Notification: 20 June 2012 Vendor Patch: 26 June 2012 Public Disclosure: 11 July 2012 Vulnerability Type: Cross-Site Scripting XSS...
ManageEngine Support Center Plus 7903 XSS / SQL Injection
Sysax 5.57 - Directory Traversal
#!/usr/bin/python Title: Sysax Multi Server = 5.57 Directory Traversal Tool Post Auth Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bit Date Discovered: March 27, 2012 Vendor Contacted: March 29, 2012 Vendor Response: April 3, 2012 Vendor Fixed: Currently working on fi...
Campaign Enterprise 11.0.421 SQL Injection
Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter in a POST is vulnerable to a boolean based blind SQLi. You must be authenticat...