10776 results (0.109 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1

06 Dec 2023 — Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0

21 Jan 2025 — The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. • https://github.com/MarioTesoro/CVE-2024-54794 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

20 Jan 2025 — A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20Stored%20Cross%20Site%20Scripting-%20Account%20Takeover%20Possibility.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

20 Jan 2025 — The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. • https://www.twcert.org.tw/en/cp-139-8375-59abd-2.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0

20 Jan 2025 — A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.292596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: -EPSS: 0%CPEs: -EXPL: 1

20 Jan 2025 — Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. • https://packetstorm.news/files/id/188748 •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

19 Jan 2025 — A vulnerability was found in Mobotix M15 4.3.4.83 and classified as problematic. This issue affects some unknown processing of the file /control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt. The manipulation of the argument p_qual leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.292541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

18 Jan 2025 — A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Stored%20Cross%20Site%20Scripting.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

18 Jan 2025 — A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Cross%20Site%20Scripting.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0

18 Jan 2025 — A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. This affects an unknown part of the file /share/s/ of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.292491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •