11 matches found
GHSA-G39V-CVJH-8FPF Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/
Summary When ENABLEYAMLCONFIGEDITING=true, every haconfigsetyaml call backs up the pre-edit file to /www/yamlbackups/, which Home Assistant serves at /local/ with no authentication. Anyone who can reach the HA web interface can download the most recent pre-edit configuration.yaml or other YAML fi...
Design/Logic Flaw
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...
i-doit CMDB 1.11.2 Remote Code Execution
Exploit Title: i-doit CMDB 1.11.2 - Remote Code Execution Date: 2018-12-05 Exploit Author: Özkan Mustafa Akkuş (AkkuS) Contact: https://pentest.com.tr Vendor Homepage: https://www.i-doit.org/ Software Link: https://www.i-doit.org/i-doit-open-1-11-2/ Version: v1.11.2 Category: Webapps Tested on: XAM...
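Kingdee shop mall admin backend weak password leaks large amounts of merchant/member information/orders/site information
Brief description: The bug I reported earlier went through the major-vendor process and was given just 1 rank, which is heartbreaking; digging for bugs late at night is not easy, so please give a fair rank... Details: I'll go straight to the screenshots as proof. The affected domain: http://k3shop.k3cloud.kingdee.com/ I roughly scanned the site directories and found the admin backend, where you can log in directly as the admin user! Leaked site information: http://k3shop.k3cloud.kingdee.com/sitemap.xml Proof of vulnerability: order information, merchant information, member information...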
Website Directory 'index.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31562/info Website Directory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the...
chipmunkdir-sqlxss.txt
--------------------------------------------------------- Portal Name: Chipmunk Directory Vendor : http://www.chipmunk-scripts.com/page.php?ID=15 Download : http://www.chipmunk-scripts.com/directory/directory.zip Vulnerable File's : index.php,recommend.php Dork: Powered by c Chipmunk Directory...
CVE-2008-4532
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action...
CVE-2008-4532
CVE-2008-4532 describes a reflected cross-site scripting vulnerability in MaxiScript Website Directory: index.php, exploitable via the keyword parameter in a search action. The flaw stems from improper handling of user input, allowing injection of arbitrary HTML/JavaScript. Impact: could enable a...
Website Directory - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/31562/info Website Directory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
Unfixed XSS vulnerability at www.worldwebsitedirectory.com
Security researcher Uber0n submitted on 05/12/2007 a cross-site scripting (XSS) vulnerability affecting www.worldwebsitedirectory.com, which at the time of submission ranked 804797 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2007. ...