[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
Paid content will be excluded from the download.

Filter
Matches : 253351 Download | Alert*

In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).

iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version.

Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request.

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.

eGain Chat 15.0.3 allows HTML Injection.

eGain Chat 15.0.3 allows unrestricted file upload.


Pages:      Start    9303    9304    9305    9306    9307    9308    9309    9310    9311    9312    9313    9314    9315    9316    ..   25335

© SecPod Technologies