15 matches found
HTTP Request Smuggling
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to HTTP Request Smuggling via the CORS middleware, which copies the Vary header from the request to the response when the origin is not set to "". An attacker can influence cache behavior or...
EUVD-2020-26748
Malware in sbrugna...
CVE-2025-54016 WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects Videopack: from n/a through 4.10.3...
CVE-2021-39187
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
WordPress oik Plugin <= 4.10.3 is vulnerable to Cross Site Scripting (XSS)
Software: oik; Type: Plugin; Vulnerable versions: = 4.10.3; Fixed in: 4.12.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6391; Patch priority: Low; CVSS severity: Low (6.5); PSID: 2605d2118ca1; Credits: Rafshanzani Suhada; Required...
BIT-PARSE-2021-39187 Crash server with query parameter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
CVE-2022-38456
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin = 4.10.3 versions...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2020-36771)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.10.3 through 5.0.1. An attacker can explo...
CVE-2020-5567
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu...
Apache Solr 4.0.0 < 4.10.3 Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr versions 4.x 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. Note that the scanner has not tested for these issues but has instead relied only on the...
CVE-2016-6419
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485...
Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below. Vulnerability Type:...
Kwik Pay Payroll v4.10.3 .mdb Crash PoC
Exploit for Windows platform in category dos / poc. Kwik Pay Payroll .mdb Crash PoC. Version: 4.10.3; Tested on: Windows XP SP3; Cost: 100.00 AU; Author: chap0; Email: chap0x90atgmaildotcom; Site: http://www.setfreesecurity.com; Usage: Run...
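MapServer Remote Stack Overflow and Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 25582 CVECAN ID: CVE-2007-4542, CVE-2007-4629 MapServer is an open-source development environment, a CGI-based application for delivering dynamic GIS and imagery over the World Wide Web. MapServer has multiple security vulnerabilities when handling user data, which remote attackers may exploit to cause a buffer overflow or cross-site scripting. The processLine function in MapServer's maptemplate.c and the writeError function in mapserv.c return certain parameters to the user without properly validating them, which allows remote attackers to inject and execute arbitrary HTML and script code through cross-site scripting attacks...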