52 matches found
FMDataAPI Cross-Site Scripting Vulnerability
FMDataAPI is a class by individual developer Masayuki Nii. It is used to access FileMaker databases using the FileMaker Data API. A cross-site scripting vulnerability exists in FMDataAPI version 22 and earlier, which stems from a problem in the file FMDataAPISample.php that can lead to cross-site...
Malicious code in @squareup/data-api.js-core (npm)
Source: ghsa-malware 351c78770a4888af009e5d2270940bb942890cf8ceb18057cf2f33f709ba191a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Stripo Inc: Non-revoked API Key Information disclosure via Stripo_report()
Talking about report 983331, where a security researcher reported a secret API key leakage vulnerability in a JavaScript file at Stripo. This report is disclosed on HackerOne, and the team at Stripo forgot to blur the API keys in the report before disclosing it to the public. The API keys...
MAL-2022-1194 Malicious code in aws-data-api-ux (npm)
Source: ghsa-malware 2e36620b1bbf035669a206034da9186c8aa8a8926a9288ee9fd34545aa6fc9ef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aws-data-api-ux (npm)
Source: ghsa-malware 2e36620b1bbf035669a206034da9186c8aa8a8926a9288ee9fd34545aa6fc9ef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in data-api.js-core (npm)
Source: ghsa-malware 68057aab80a4b5d9446687fc971935efb298ebbb4631efbd5780649ef2f35ec6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @epc-libraries/data-api-versions (npm)
Source: ghsa-malware f82fc77aff4c8f44ec626ff023762b926e5407f3b269db521d9006777e956242 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-12834
eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...
Important: Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update
A minor version update from 7.5 to 7.6 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...
PHPMyWind data/api/oauth/connect.php reflective cross-site scripting vulnerability
PHPMyWind is a building engine developed on PHP + MySQL and based on W3C standards. A reflective cross-site scripting vulnerability exists in PHPMyWind data/api/oauth/connect.php. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...
Cross site scripting
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected cross-site scripting (XSS) vulnerability...