8 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-11199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regul...
PT-2019-15782 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr CRM/ERP version 10.0.3 Description: The issue allows for Stored XSS due to JavaScript execution in an SVG image used for a profile picture. This is specifically related to the "viewimage.php?file=" endpoint, where an attacker can...
maywood.com XSS vulnerability
Vulnerable URL: http://www.maywood.com/EVCommerce/ViewImage.asp?ImageName=/EVCommerce/images/edgeCrimped.jpg=1"...
CVE-2014-3991
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; th...
CVE-2008-2765
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action...
CVE-2007-1469
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action...
SQL injection
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action...
CVE-2006-5205
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used...