[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15149 Download | Alert*

ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.

af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting vulnerability in web view"s OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client"s name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload ...

ntopng before 3.0 allows HTTP Response Splitting.

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol .

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim"s webmail account by making them visit a malicious URL.

The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.

An issue was discovered in Tiny Tiny RSS before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.


Pages:      Start    1490    1491    1492    1493    1494    1495    1496    1497    1498    1499    1500    1501    1502    1503    ..   1514

© SecPod Technologies