12 matches found
GHSA-XGH5-W62M-8MPR CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary: Vulnerability: Stored DOM XSS via Posts Added to Menu. Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Post Entries in Menu Management. Description: The application fails to properly sanitize user-controlled input when adding Posts to navigation menus throu...
EUVD-2018-17108
Malware in sbrugna...
CVE-2025-54366
Summary: FreeScout prior to v1.8.186 is affected by a deserialization vulnerability in the /conversation/ajax endpoint. The issue arises when processing attachments_all and attachments via the insecure Helper::decrypt() function, which deserializes user-controlled data without proper validation. ...
CVE-2025-24937 Access to local file system and its content
File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible...
CVE-2025-24937
CVE-2025-24937 enables an attacker to read local file contents and inject malicious code, potentially resulting in full compromise of the web application and the hosting container. The vulnerability concerns a web application component bound to the network stack, with attackers able to reach from...
CVE-2025-24937 Access to local file system and its content
File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible...
PT-2025-30233
Name of the Vulnerable Software and Affected Versions: File contents (affected versions not specified). Description: An attacker could read file contents from the local file system. Malicious code could be inserted into the file, potentially leading to a full compromise of the web application and it...
Matrimonial Script 2.7 - Authentication Bypass
Matrimonial Script 2.7 - Authentication Bypass. Admin panel authentication bypass. Description: Attackers are able to completely compromise the web application built upon Matrimonial Script as they can gain access to the admin panel and...
Backup Directory
A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup; examples include .bak, .orig,...
Reflected Cross-Site Scripting (XSS) in iTop
High-Tech Bridge Security Research Lab discovered a vulnerability in iTop, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. iTop is a critical application, which is used to cover the entire set of ITIL processes. Successful attack on this web...
aoop CMS 0.3.6 - Multiple Vulnerabilities
aoop CMS 0.3.6 - Multiple Vulnerabilities. Inshell Security Advisory, http://www.inshell.net. 1. ADVISORY INFORMATION: Product: Aoop CMS; Vendor URL: www.annonyme.de; Type: Cross-site Scripting CWE-79, SQL-Injection CWE-89; Date found: 2012-04-07; Date published: 2012-08-24; CVSSv2...
dotProject 2.0 - '/modules/projects/gantt.php?dPconfig[root_dir]' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...