93 matches found
CVE-2024-47003
Mattermost versions 9.11.x = 9.11.0 and 9.5.x = 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...
Acronis Cyber Protect Cross-Site Scripting Vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. It combines backup, anti-malware, network security and endpoint management features, e.g. vulnerability assessment, URL filtering, patch management, etc. A cross-site scripting...
PT-2023-32289 · Unknown · Vue.Js Devtools Extension
Name of the Vulnerable Software and Affected Versions: Vue.js Devtools extension affected versions not specified Description: The Vue.js Devtools extension leaks screenshot data back to a malicious web page via the standard postMessage API. This occurs when a malicious web page with an iFrame...
Vue.js vue-devtools Access Control Error Vulnerability
vue-devtools is a browser development tools extension for debugging Vue.js applications. A security vulnerability exists in Vue.js vue-devtools, which stems from the fact that the extension was found to leak screenshot data back to a malicious web page via the standard postMessage API...
New Vulnerability in Popular Widget Shows Risks of Third-Party Code
UPDATE: Snyk has recently addressed 2 additional vulnerabilities we have reported to them, CVE-2022-24441 and CVE-2022-22984, affecting versions of Snyk CLI before XXX, which leads to arbitrary code execution when scanning untrusted Maven or Gradle projects. Similar to CVE-2022-40764 these...
ACCEL-PPP Buffer Error Vulnerability
ACCEL-PPP is a high performance PPTP/L2TP/PPPoE/IPoE server for Linux. A security vulnerability exists in ACCEL-PPP version 1.12.0, which stems from an out-of-bounds read in postmsg when processing callclearrequest...
CVE-2019-4301
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML...
vBulletin install upgrade.php Privilege Escalation (CVE-2013-6129)
A privilege escalation vulnerability has been reported in vBulletin. A remote attacker may exploit this issue by sending a specially crafted POST message to the "install/upgrade.php" component of the server via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameter...
VBulletin Content Management System Administrator Injection Remote Code Execution
A remote code execution vulnerability has been reported in VBulletin Content Management System. A remote attacker may exploit this issue by sending a specially crafted POST message to the target server. Exploitation of this vulnerability may result in remote code execution...
Google: Spyware Found, Removed from Android Market
Google says it has suspended a number of suspicious applications from the Android Market after researchers at NC State announced they had discovered a new and particularly stealthy piece of spyware, dubbed “Plankton,” lurking in Android applications there. According to a report by computer scienc...
Google Chrome multiple vulnerabilities - Dec 10(Windows)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10win.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Windows Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networ...
SQL injection
Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frmid parameter to (a) showforum.asp, (2) a search field to (b) forumsearch.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frmcatid parameter to (d)...