60 matches found
CVE-2022-37406
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...
CVE-2022-44956
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2022-40690
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
Code injection
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...
CVE-2016-4856
Splunk Enterprise 6.3.x (pre-6.3.5) and Splunk Light 6.3.x (pre-6.3.5) are affected by a stored cross-site scripting (CWE-79) vulnerability that allows an administrator to inject arbitrary web script or HTML via unspecified vectors. The issue stems from incorrect handling in the web interface, en...
Help Desk Customer Service Ticket System 1.0 CSRF
Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS
Exploit for php platform in category web applications Title: Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + FirstLastNames 1.3.2...
ProNews V1.5 XSS & SQL Injection
ProNews V1.5. Vendor site: http://www.scripthp.com/ Product: ProNews V1.5 Vulnerability: XSS & SQL Injection Vulnerability Credits: MrKaLiMaN Reported to Vendor: 01.12.06 Public disclosure: 09.12.06 Description: XSS permanent:...
OpenDock Easy Doc <=1.4 (doc_directory) File Include Vulnerabilities
No description provided by source. ECHOADV49$2006 OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability...
MiniBB Mambo Component <= 1.5a Remote File Include Vulnerabilities
No description provided by source. MiniBB Forum Mambo Component <= 1.5a Remote File Include Vulnerabilities...
CMS Faethon 1.3.2 - mainpath Remote File Inclusion
ECHOADV33$2006 CMS Faethon 1.3.2 mainpath Remote File Inclusion...
[Full-Disclosure] [ GLSA 200502-21 ] lighttpd: Script source disclosure
Gentoo Linux Security Advisory GLSA 200502-21 http://security.gentoo.org/ Severity:...
lighttpd: Script source disclosure
Background: lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments. Description: lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent...
Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution
source: https://www.securityfocus.com/bid/12050/info Tlen.pl is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Tlen.pl 5.23.4.1 an...
Yahoo! Messenger ymsgr URI Arbitrary Script Execution
Binary data 1263.prm...
Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution
Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML messa...
cpanel.pl
cpanel-plus.pl exploit Spawn bash style Shell on Apache CPANEL Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 =...
Geeklog 1.3.5 - Calendar Event Form Script Injection
source: https://www.securityfocus.com/bid/4974/info Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will execute in the browser of a user who...
CVE-2001-0520
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be...
Hole plugged in IIS
One of the utility scripts goes into an infinite loop when one of its arguments is missing. In addition, another way has been found to read part of a file via .HTR files: append "+.htr" to the file name...