EUVD-2019-10775

Malware in sbrugna...

EUVD-2019-10776

Malware in sbrugna...

Update of ca-certificates

update to CKBI 2.58 from NSS 3.67 - removed old certificates: - Certificate "Camerfirma Global Chambersign Root" - Certificate "Cybertrust Global Root" - Certificate "Equifax Secure eBusiness CA 1" - Certificate "Equifax Secure Global eBusiness CA" - Certificate "Explicitly Distrusted DigiNotar...

PT-2022-13717 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: LiveHelperChat versions prior to 3.67 Description: The issue allows an attacker to bypass the SSRF filter on ports 80 and 433, making the application perform arbitrary requests. Recommendations: For versions prior to 3.67, update to version...

Update of ca-certificates

remove old certificate - Removing: - Certificate "DST Root CA X3" - Update to CKBI 2.50 from NSS 3.67 - Update to CKBI 2.48 from NSS 3.66 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "GeoTrust Global CA" - Certificate "GeoTrust Universal...

Fix of CVE: CVE-2021-43527

CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS - Update to CKBI 2.50 from NSS 3.67 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "AddTrust Low-Value Services Root" - Certificate "AddTrust...

CVE-2020-15308

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

CVE-2019-20222

In Support Incident Tracker SiT! 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS...

CVE-2019-20222

In Support Incident Tracker SiT! 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS...

CVE-2019-20223

CVE-2019-20223 is an XSS flaw in Support Incident Tracker (SiT!) 3.67 where the id parameter is reflected across endpoints that use it. Red Hat’s advisory reiterates the XSS in SiT! 3.67, tied to CVE-2012-2235, with no details on patches within the provided documents. The OpenVAS entry references...

CVE-2019-20223

In Support Incident Tracker SiT! 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235...

CVE-2019-13447

An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection...

ua367XSS.txt

Hello! I've found a XSS in Ultimate Auction alert"XSS" http://www.ultimate-auction.de/cgi-local/auktion/itemlist.pl?category=alert"XSS" The bug has the BID 16239...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the 1 item parameter in item.pl and 2 category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wro...

Ultimate Auction 3.67 - ItemList.pl Cross-Site Scripting

source: https://www.securityfocus.com/bid/16254/info Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

Ultimate Auction 3.67 - Item.pl Cross-Site Scripting

Ultimate Auction 3.67 - Item.pl Cross-Site Scripting source: https://www.securityfocus.com/bid/16239/info Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...

Ultimate Auction 3.67 - Item.pl Cross-Site Scripting

source: https://www.securityfocus.com/bid/16239/info Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...