22 matches found
EUVD-2022-25830
Malicious code in bioql PyPI...
GHSA-WGX7-JP56-65MQ Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...
DataCube3 v1.0 - Unrestricted file upload Remote Code Execution Exploit
Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Tested on: DataCube3...
DataCube3 1.0 Shell Upload
Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Date: 7/28/2022 Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Test...
DataCube3 v1.0 - Unrestricted file upload 'RCE'
Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Date: 7/28/2022 Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Test...
CVE-2024-25830
creationtimestamp| type| source
---|---|---
2024-03-06 19:16:14+00:00| published-proof-of-concept| https://t.me/proxybar/1934
2024-03-08 10:54:48+00:00| published-proof-of-concept| https://t.me/crackcodes/5331
2024-05-20 21:41:50+00:00| seen| https://t.me/arpsyndicate/4955...
Exploit for Unrestricted Upload of File with Dangerous Type in F-Logic Datacube3
CVE-2024-25830 and CVE-2024-25832 - DataCube3 Improper Access...
CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...
CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...
CVE-2024-25830
DataCube3 v1.0 suffers from an Incorrect Access Control due to an improper directory access restriction. An unauthenticated remote attacker can exploit this by sending a URI that includes the path of the configuration file, potentially extracting the root and admin passwords. Multiple connected ...
CVE-2023-25830
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
CVE-2023-25830
Esri Portal for ArcGIS is affected by a reflected XSS in versions 10.7.1 through 10.9.1. The vulnerability arises from improper handling of crafted links, allowing remote, unauthenticated attackers to cause arbitrary JavaScript execution in a victim’s browser. Remediation: apply the official patc...
CVE-2022-25830
creationtimestamp| type| source
---|---|---
2022-03-10 20:23:11+00:00| seen| https://t.me/cibsecurity/38705...
CVE-2022-25830
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2022-25830
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2022-25830
CVE-2022-25830 affects Samsung Galaxy Watch3 Plugin prior to version 2.2.09.22012751. The issue is an information exposure where login/password data for a connected WiFi access point can appear in logs. The vulnerability is limited to the Galaxy Watch3 Plugin component and is tied to log handling...
CVE-2021-25830
creationtimestamp| type| source
---|---|---
2021-03-01 18:43:22+00:00| seen| https://t.me/cibsecurity/24301
2021-10-30 14:32:34+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/4625...
CVE-2021-25830
ONLYOFFICE DocumentServer (core module) v4.2.0.236-v5.6.4.13 contains a file extension handling vulnerability triggered when converting a crafted file from DOCT to DOCX. The issue relies on a chain of two other bugs related to improper string handling and can lead to remote code execution on the ...
FreeBSD : mantis -- multiple vulnerabilities (19259833-26b1-11eb-a239-1c697a013f4b)
Mantis 2.24.3 release reports: This release fixes 3 security issues:
- 0027039: CVE-2020-25781: Access to private bug note attachments
- 0027275: CVE-2020-25288: HTML Injection on bugupdatepage.php
- 0027304: CVE-2020-25830: HTML Injection in bugactiongrouppage.php