16 matches found
MINI-QGXG-9738-8PQ6
Bulletin has no description...
EUVD-2020-7614
Malware in sbrugna...
MAL-2025-9738 Malicious code in @zalastax/nolb-_aik (npm)
The package @zalastax/nolb-aik was found to contain malicious code...
CVE-2020-15627
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, th...
Oracle Linux 7 : squid (ELSA-2024-9738)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9738 advisory. 7:3.5.20-17.0.3 - Disable ESI support CVE-2024-45802 Orabug: 37289058 Tenable has extracted the preceding description block directly from the Oracle Linux securi...
CVE-2024-9738
creationtimestamp | type | source
---|---|---
2024-10-11 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-24-1341/...
Adobe Experience Manager 6.2.x <= 6.2 SP1-CFP20 / 6.3.x <= 6.3.3.8 / 6.4.x < 6.4.8.2 / 6.5.x < 6.5.6.0 (APSB20-56)
The version of Adobe Experience Manager installed on the remote host is 6.2.x through 6.2 SP1-SFP20, 6.3.x through 6.3.3.8, 6.4.x prior to 6.4.8.2, or 6.5.x prior to 6.5.6.0. It is, therefore, affected by multiple vulnerabilities: - Adobe Experience Manager executes with unnecessary privileges,...
CVE-2020-9738
CVE-2020-9738 is a stored XSS in Adobe Experience Manager (AEM). Affected versions: AEM 6.5.5.0 and earlier, 6.4.8.1 and earlier, 6.3.3.8 and earlier, and 6.2 SP1-CFP20 and earlier. The vulnerability affects the Content Repository Development Environment and allows storing malicious scripts in ce...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, th...
CVE-2020-15627
Affected product: CentOS Web Panel (cwp-e17.0.9.8.923). Vulnerable component: ajax_mail_autoreply.php. Root cause: improper validation when using the user-supplied account parameter to construct SQL queries, enabling information disclosure. Impact: remote attackers can disclose sensitive informat...
CVE-2019-9738
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2019-9738
CVE-2019-9738 affects jimmykuu Gopher 2.0 and is a DOM-based XSS triggered via an embedded SVG payload in an EMBED SRC="data:image/svg+xml" string. Root cause: DOM-based XSS in the client-side handling of embeds. Impact is described by CVSS metrics in the sources: CVSS v2 base score 4.3 (Network,...
CVE-2019-9738
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2016-9738
CVE-2016-9738 affects IBM QRadar SIEM where default password requirements are weak, facilitating account compromise. IBM security bulletin confirms affected versions: QRadar SIEM 7.2.0–7.2.8 Patch 6 and 7.3.0–7.3.0 Patch 1. The root cause is that strong passwords were not required by default. Imp...
CVE-2014-9738
The CVE-2014-9738 entry concerns the Drupal contributed Tournament module (7.x-1.x) with XSS in three fields: account username, node title, and team entity title, affecting all 7.x-1.x versions prior to 7.x-1.2. The root cause is cross-site scripting in display of user-provided strings, exploitab...
SA-CONTRIB-2014-114 - Tournament - Cross Site Scripting
This project allows you to create various types of tournaments as nodes and associated teams, tournaments, and matches. There are several cases in the project where an account username, node title, and team entity title are not correctly filtered before being displayed to a user. It is possible t...