19 matches found
EUVD-2023-30354
Malicious code in bioql PyPI...
EUVD-2024-22978
Malicious code in bioql PyPI...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
Oxygen XML Web Author 安全漏洞
SyncRO Soft Oxygen XML Web Author is an XML editor from SyncRO Soft. A security vulnerability exists in Oxygen XML Web Author version v26.0.0 and earlier, and Oxygen Content Fusion version v6.1 and earlier. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
CVE-2024-25662
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting XSS for malicious URLs...
PT-2024-21079 · Syncro Soft · Oxygen Xml Web Author +1
Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 26.0.0 Oxygen Content Fusion versions prior to 6.1 Description: The issue allows for Cross-Site Scripting XSS attacks using malicious URLs. Recommendations: For Oxygen XML Web Author versions prior to...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
Directory traversal
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
Syncro Soft Oxygen XML WebHelp 路径遍历漏洞
Syncro Soft Oxygen XML WebHelp is for converting DITA and DocBook resources to WebHelp output from Syncro Soft Romania. A security vulnerability exists in Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715, Oxygen Content Fusion versions prior to 5.0.3 build 2023022015, which...
CVE-2023-26559
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...
CVE-2023-26559
The CVE-2023-26559 entry describes a directory traversal flaw in Syncro Soft Oxygen XML Web Author (pre-25.0.0.3 build 2023021715) and Oxygen Content Fusion (pre-5.0.3 build 2023022015) that lets an attacker read files under WEB-INF via a crafted HTTP request. Affected versions include XML Web Au...
PT-2023-20727 · Syncro Soft · Oxygen Content Fusion +1
Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715 Oxygen Content Fusion versions prior to 5.0.3 build 2023022015 Description: A directory traversal issue allows an attacker to read files from a WEB-INF directory via a crafted...
Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection
Exploit Title: Freelance Website Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/ Version: 2.0.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
Joomla Component com_tickets <= 2.1 (id) SQL Injection Vuln
No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Joomla Component comtickets id SQL-injection Vulnerability ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Author : Chip D3 Bi0s + Email :...