17 matches found
PT-2026-3595
A reflected cross-site scripting (XSS) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-64781
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...
EUVD-2010-1234
Malware in sbrugna...
EUVD-2002-1374
Malware in sbrugna...
EUVD-2022-2751
Malicious code in bioql PyPI...
EUVD-2022-1436
Malicious code in bioql PyPI...
CVE-2024-6446
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim into trusting an attacker-controlled application...
CVE-2025-27914
An issue was discovered in Zimbra Collaboration (ZCS) 9.0, 10.0 and 10.1. A reflected cross-site scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...
F5 BIG-IQ Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A cross-site scripting vulnerability exists in BIG-IQ, which could be exploited by an attacker using a specially crafted URL to reflect...
Horde_Image Denial of Service Vulnerability
HordeImage is an image editing package from Horde USA, which can provide color highlighting, image effect editing and other functions. A denial of service vulnerability exists in version 2.x of HordeImage prior to 2.5.0. An attacker can exploit this vulnerability to cause a denial of service with...
IBM QRadar SIEM Web UI Cross-Site Scripting Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
MGASA-2015-0232 Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.2.13.3, by deceiving a user into clicking on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup (CVE-2015-3902). In phpMyAdmin before 4.2.13.3, a vulnerability in the API ca...
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/9299/info It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The issue presents itself when an attacker sends a...
Working Resources BadBlue 1.2.7 - Full Path Disclosure
source: https://www.securityfocus.com/bid/2390/info Requesting a specially crafted URL from a machine running Working Resources BadBlue will disclose the physical path to the root directory. http://target/ext.dll will result in: Error: opening c:\program files\badblue\pe\default.htx 2...
Way-Board 2.0 - File Disclosure
source: https://www.securityfocus.com/bid/2370/info A remote user could gain read access to known files outside of the root directory where Way-Board resides. Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose...
soft lite serverworx 3.0 - Directory Traversal
source: https://www.securityfocus.com/bid/2346/info It is possible for a remote user to gain read access to directories and files outside the root directory of ServerWorx. Requesting a specially crafted URL composed of '../' or '.../' sequences will...
PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges...