Page 2 of 10 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Una fuga de información en Camp Style Project Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados. • http://camp.com https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39039.md • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Unauth.  Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Ente' parameter in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Errore’ parameter in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 2

Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. Vulnerabilidad de salto de directorio en index.php de Sys-Hotel on Line System, permite que atacantes remotos lean ficheros arbitrariamente usando un "/" ("%2F") codificado en el parámetro file. • https://www.exploit-db.com/exploits/31000 http://securityreason.com/securityalert/3528 http://www.securityfocus.com/archive/1/485940/100/0/threaded http://www.securityfocus.com/bid/27184 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. • http://secunia.com/advisories/18497 http://shellcoders.com/sintigan/slsnif-ploit.pl http://www.securityfocus.com/archive/1/421583/100/0/threaded http://www.vupen.com/english/advisories/2006/0212 https://exchange.xforce.ibmcloud.com/vulnerabilities/24082 •