198 matches found
EUVD-2020-6012
Malware in sbrugna...
EUVD-2020-6011
Malware in sbrugna...
EUVD-2020-6182
Malware in sbrugna...
EUVD-2020-6185
Malware in sbrugna...
EUVD-2020-6183
Malware in sbrugna...
EUVD-2020-6184
Malware in sbrugna...
EUVD-2021-23057
Malware in sbrugna...
EUVD-2020-6226
Malware in sbrugna...
EUVD-2020-6013
Malware in sbrugna...
EUVD-2018-9768
Malware in sbrugna...
EUVD-2021-31142
Malicious code in bioql PyPI...
CVE-2022-28117
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2021-36454
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...
CVE-2021-37478
In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database...
CVE-2020-14015
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a...
CVE-2020-14014
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS...
CVE-2020-14067
The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...
CVE-2020-14018
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field;...
CVE-2020-14017
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the...