Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.……
Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER parameter.……
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter.……
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter.……
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter.……
Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter.……
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable username parameter in ...……
On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP cr ...……
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.……
A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary ...……
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another ...……
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.……
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.……
cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2 ...……
Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SE ...……
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.……
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.……
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unu ...……
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions pr ...……
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior t ...……
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege es ...……
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already ...……
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alr ...……
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alread ...……
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alr ...……
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed th ...……
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). Thi ...……
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.……
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes param ...……
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /gofor ...……
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `. ...……
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin per ...……
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.……