14725 matches found

CVE
added 2026/02/16 5:5 p.m., 40 views

CVE-2019-25390

CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...

CVSS 6.1, AI score 5.6, EPSS 0.00199
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2026/02/16 12:16 p.m., 5 views

CVE-2025-2418

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117...

CVSS 4.3, EPSS 0.00239
Exploits: 0, References: 2
CVE
added 2026/02/16 11:47 a.m., 14 views

CVE-2025-2418

The CVE-2025-2418 entry concerns TR7 Cyber Defense Inc. Web Application Firewall and describes an Open Redirect vulnerability (URL redirection to untrusted site) that can enable phishing. Affected versions are Web Application Firewall 4.30 through 16022026. The reported impact is limited to URL r...

CVSS 4.3, AI score 5.8, EPSS 0.00239
Exploits: 0, References: 2
Cvelist
added 2026/02/16 11:47 a.m., 27 views

CVE-2025-2418 Open Redirect in TR7's Web Application Firewall

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117...

CVSS 4.3, EPSS 0.00239
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/16 11:47 a.m., 5 views

CVE-2025-2418

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117...

CVSS 4.3, AI score 5.8, EPSS 0.00239
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/02/16 11:47 a.m., 7 views

CVE-2025-2418 Open Redirect in TR7's Web Application Firewall

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117...

CVSS 4.3, AI score 5.8, EPSS 0.00239
Exploits: 0, References: 2
Positive Technologies
added 2026/02/16 12:0 a.m., 4 views

PT-2026-8336

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 through 16022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVSS 4.3, AI score 5.5, EPSS 0.00239
Exploits: 0, References: 2
CNNVD
added 2026/02/16 12:0 a.m., 6 views

TR7 Web Application Firewall Input Validation Error Vulnerability

TR7 Web Application Firewall is a firewall provided by TR7 Corporation. There is an input validation vulnerability in the TR7 Web Application Firewall version 4.30 up to version 16022026. This vulnerability stems from URL redirection to untrusted sites, which may lead to phishing attacks...

CVSS 4.3, AI score 5.7, EPSS 0.00239
Exploits: 0, References: 1
Packet Storm
added 2026/02/16 12:0 a.m., 122 views

PopojiCMS 2.0.1 Code Injection

PopojiCMS version 2.0.1 remote PHP code injection proof of concept exploit. Title: PopojiCMS 2.0.1 PHP Code Injection Vulnerability. Author: indoush...

AI score 5.7
Exploits: 0
Fedora
added 2026/02/15 1:29 a.m., 6 views

[SECURITY] Fedora 42 Update: nginx-mod-naxsi-1.6-14.fc42

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

CVSS 8.2, AI score 5.5, EPSS 0.00331
Exploits: 0
Fedora
added 2026/02/15 1:13 a.m., 7 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-14.fc43

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

CVSS 8.2, AI score 5.5, EPSS 0.00331
Exploits: 0
Packet Storm News
added 2026/02/15 12:0 a.m., 4 views

AXE: An Agentic EXploit Engine for Confirming Zero-Day Vulnerability Reports

Vulnerability detection tools are widely adopted in software projects, yet they often overwhelm maintainers with false positives and non-actionable reports. Automated exploitation systems can help validate these reports; however, existing approaches typically operate in isolation from detection...

AI score 5.9
Exploits: 0
Packet Storm News
added 2026/02/13 12:0 a.m., 3 views

Web Application Security Developer Training Guide

This guide gives a thorough overview of 34 web application vulnerabilities with descriptions of the issues, PHP examples of vulnerable code, exploit methodologies, and remediation strategies...

AI score 5.5
Exploits: 0
Snyk
added 2026/02/12 3:29 p.m., 5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...

CVSS 9.8, AI score 6, EPSS 0.0058
Exploits: 1, References: 2
Snyk
added 2026/02/12 3:29 p.m., 5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...

CVSS 9.8, AI score 6, EPSS 0.0058
Exploits: 1, References: 2
RedhatCVE
added 2026/02/12 1:43 p.m., 3 views

CVE-2025-13650

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...

CVSS 6.1, AI score 5.7, EPSS 0.00227
Exploits: 0, References: 1
Snyk
added 2026/02/11 6:17 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via stored cross-site scripting. An attacker can execute arbitrary JavaScript in the context of higher-privileged users by injecting malicious scripts, potentially leading to unauthorized privilege escalation...

CVSS 9.3, AI score 5.3, EPSS 0.00293
Exploits: 0, References: 2
CVE
added 2026/02/11 2:56 p.m., 9 views

CVE-2019-25311

The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...

CVSS 6.4, AI score 5.5, EPSS 0.00204
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2026/02/11 9:15 a.m., 7 views

CVE-2025-13650

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...

CVSS 6.1, EPSS 0.00227
Exploits: 0, References: 4
Vulnrichment
added 2026/02/11 9:6 a.m., 3 views

CVE-2025-13651 LEAK OF SENSITIVE INFORMATION ON MICROCOM'S ZEUSWEB

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31...

CVSS 6.9, AI score 5.5, EPSS 0.004
Exploits: 0, References: 4