17 matches found
SUSE CVE-2023-46575
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter...
CVE-2026-31262
CVE-2026-31262 is a Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) version 2.0. The entry states that a remote attacker can obtain sensitive information and execute arbitrary code via a URL parameter. Connected documents consistently describe the issue as XSS in ...
Hackers Use Fake Invoices to Spread XWorm RAT via Office Files
Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat...
Code-Projects Wazifa System Injection Vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /controllers /control.php file. An attacker can exploit this vulnerability to execute illegal SQL commands t...
Hathway Router CM5100 Cross-Site Scripting Vulnerability
Hathway Router is a router from Hathway India. The Hathway Router CM5100 suffers from a cross-site scripting vulnerability that stems from multiple vulnerabilities in the router, which could allow a remote attacker to perform a stored cross-site scripting (XSS) attack, obtain sensitive information,...
SUSE CVE-2003-0279
Multiple SQL injection vulnerabilities in the WebLinks module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php...
SUSE CVE-2005-2264
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...
QNAP Systems Multiple Products Cross-Site Scripting Vulnerability
QNAP Systems QUTS Hero and QNAP QuTScloud are both products of China Weilian QNAP Systems. QUTS Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide enterprises with a more stable...
Adobe Acrobat and Reader Out-of-Bounds Write (APSB19-18: CVE-2019-7825)
An out of bounds write vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Pulse Secure Virtual Traffic Manager Cross-Site Scripting Vulnerability
Pulse Secure Virtual Traffic Manager is a software-based, high-performance application delivery controller from Pulse Secure, USA. A cross-site scripting vulnerability exists in the web management user interface in Pulse Secure Virtual Traffic Manager versions 9.9 prior to 9.9r2 and versions prio...
CVE-2018-5319
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request...
CVE-2017-9458
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or...
Design/Logic Flaw
administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780...
Hackers can sniff keystrokes from thin air
By Elinor Mills, CNET Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket. Usin...
DEBIAN-CVE-2007-2383
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
PT-2007-3711 · Google · Google Web Toolkit
Name of the Vulnerable Software and Affected Versions: Google Web Toolkit (GWT), affected versions not specified. Description: The issue concerns the exchange of data using JavaScript Object Notation (JSON) without proper protection, allowing remote attackers to obtain the data. This can be achieved...
CVE-2004-0036
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter...