12 matches found
CVE-2024-29912
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Baptiste Placé iCalendrier allows Stored XSS. This issue affects iCalendrier: from n/a through 1.80...
UBUNTU-CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-6441
A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation leads to deserialization. The attack can be launched remotely...
PT-2024-23134 · Unknown · Icalendrier
Name of the Vulnerable Software and Affected Versions: iCalendrier versions 1.80 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions 1.80...
WordPress iCalendrier Plugin <= 1.80 is vulnerable to Cross Site Scripting (XSS)
Software iCalendrier Type Plugin Vulnerable versions <= 1.80 Fixed in 1.81 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29912 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 149ae9093141 Credits LVT-tholv2k Required privilege Contributor...
WordPress Share This Image Plugin <= 1.80 is vulnerable to Cross Site Scripting (XSS)
Software Share This Image Type Plugin Vulnerable versions <= 1.80 Fixed in 1.81 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3c9ca225ea17 Credits Rafie Muhammad Patchstack Required...
CVE-2022-25410
Maxsite CMS v180 was discovered to contain a stored cross-site scripting XSS vulnerability via the parameter ffiledescription at /admin/files...
HPE iLO Amplifier Pack Path Traversal Vulnerability
HPE iLO Amplifier Pack is a database management software for use in clustered environments from HPE, USA. The software supports Gen8, Gen9 and Gen10 Hewlett Packard Enterprise with automatic firmware and driver updates, manual or automatic recovery of firmware-corrupted systems, and maximizes...
Vulnerability fixed in HP Integrated Lights Out Amplifier Pack
HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...
CVE-2019-6584
A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...
Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit
No description provided by source. !usr/bin/perl -w Yaws before 1.80 allows remote attackers to cause a denial of service memory consumption and crash via a request with a large number of headers. Refer: http://yaws.hyber.org/ http://www.securityfocus.com/bid/33834/discuss...
Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit
Exploit for multiple platform in category dos / poc =============================================================== Yaws ; chomp$vulnhostip; $port = 80; $sockhttp = IO::Socket::INET-new...