232 matches found
CVE-2020-4879
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847...
CVE-2020-4879
CVE-2020-4879 affects IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2, where improper validation of authentication cookies could allow a remote attacker to bypass security restrictions. Connected sources confirm the vulnerability is tied to cookie handling and describe the remediation: IBM Cogno...
Crime Shop Sells Hacked Logins to Other Crime Shops
Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and tho...
WordPress Pie Register 3.7.1.4 Plugin - Admin Privilege Escalation Vulnerability
Exploit Title: WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation Unauthenticated Google Dork: inurl:/plugins/pie-register/ Exploit Author: Lotfi13-DZ Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...
Vulnerability fixed in IBM Aspera
A vulnerability has been fixed in IBM Aspera. The vulnerability allows a remote malicious party to perform a Cross-Site Scripting attack and thereby steal authentication cookies. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
FileBrowser Cross-Site Scripting Vulnerability (CNVD-2025-22709)
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of...
Unspecified Vulnerability in WordPress MStore API
MStore API is an open source WordPress application plugin. It provides a configuration for Mstore and FluxStore mobile devices and supports RestAPI to connect to the application features. A security vulnerability exists in the MStore API WordPress plugin before version 3.2.0 that can be...
Triconsole Datepicker Calendar Cross-Site Scripting Vulnerability
Triconsole Datepicker Calendar is a Triconsole open source application. It provides a calendar component. A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...
CVE-2021-27330
Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting (XSS) in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...
Cross site scripting
Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting (XSS) in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...
Triconsole Datepicker Calendar Cross-Site Scripting Vulnerability
Triconsole Datepicker Calendar is a Triconsole open source application. It provides a calendar component. A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...
Fiber Encryption Problem Vulnerability
Fiber is an open source web framework written in the Go language. An encryption issue vulnerability exists in FiberHome HG6245D, which can be exploited by an attacker to find passwords and authentication cookies stored in plaintext on the device...
CVE-2021-27140
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs...
CVE-2021-27140
FiberHome HG6245D devices (via RP2613) are affected by CVE-2021-27140: passwords and authentication cookies are stored in cleartext in web.log HTTP logs. The connected sources confirm the affected product and root cause (cleartext credential exposure in logs); exploitation details and specific re...
FiberHome HG6245D devices Encryption Problem Vulnerability
Fiber is an open source web framework written in the Go language. An encryption issue vulnerability exists in FiberHome HG6245D, which can be exploited by an attacker to find passwords and authentication cookies stored in plaintext on the device...
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
Title: BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Vulnerable paper:...
CVE-2020-24902
Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...