1939 matches found
PT-2019-5226 · Cacti +2 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.8 Description: The issue affects how template identifiers are handled in Cacti when a string and a composite id value are used. This can be exploited by an authenticated attacker to extract data from the database...
LibreNMS SQL Injection Vulnerability (CNVD-2019-32210)
LibreNMS is a PHP/MYSQL/SNMP-based open source monitoring tool . An SQL injection vulnerability exists in ajaxrulesuggest.php in LibreNMS 1.50.1, which can be exploited by an authenticated attacker to corrupt database queries in order to extract or manipulate data...
SQL injection vulnerability in the S_show parameter of the aj***.php page of the S-CMS school website builder system
S-CMS school station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. S-CMS school website builder system aj.php page Sshow parameter SQL injection vulnerability, an attacker can use the vulnerability to...
Malicious Package
Overview Version 0.9.2 of slush-fullstack-framework contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...
Malicious Package
Overview Version 1.1.3 of pensi-scheduler contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's...
Malicious Package
Overview Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It...
Malicious Package
Overview Version 1.0.6 of @fangrong/xoc contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's...
Malicious Package
Overview Version 1.0.2 of uploader-plugin contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's...
Shopify: Inject page in admin panel via Shopify.API.pushState
Summary Shopify.API.pushState call the method handleRoutePushEvent, allows you to change routes to open pages from admin panel: js handleRoutePushEventpathname: e, search: t, state: a, hash: o const adminPath: n, history: i = this.props // adminPath = /admin , s = "".concatn.concate; // // If we...
Improper access control
Out of bound access when reason code is extracted from frame data without validating the frame length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607,...
Design/Logic Flaw
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "alldocs" endpoint. By issuing nested queri...
CVE-2019-9039
The CVE-2019-9039 issue affects Couchbase Sync Gateway 2.1.2, where an attacker with access to the public REST API could inject additional N1QL statements via the startkey/endkey parameters on the _all_docs endpoint. The underlying vulnerability is a N1QL injection that could disclose sensitive d...
Malicious Package
grunt-radic contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
leaflet-gpx contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
angular-location-update contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
ember-power-timepicker contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
react-datepicker-plus contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
Overview Version 1.1.5 of ngx-pica contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...
Malicious Package
Overview Versions 2.4.3 and 2.4.2 of react-datepicker-plus contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from yo...
Malicious Package
Overview Version 1.0.2 of radic-util contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...