118 matches found
FUXA SQL Injection Vulnerability
FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. FUXA version 1.1.12 and earlier is vulnerable to SQL injection attacks via /api/signin...
CVE-2023-31719
CVE-2023-31719 affects FUXA versions ≤ 1.1.12, with a SQL Injection vulnerability exploitable via the /api/signin endpoint. The Red Hat, GHSA, and OSV listings corroborate the same flaw and its association to FUXA’s signin API. The core impact is high (CVE metrics show P t high across confidentia...
CVE-2023-31719
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin...
Webkul Qloapps 1.5.2 - Cross-Site Scripting Vulnerability
Exploit Title: Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS); Exploit Author: Astik Rawat (ahrixia); Vendor Homepage: https://qloapps.com/; Software Link: https://github.com/webkul/hotelcommerce; Version: 1.5.2; Tested on: Kali Linux 2022.4; CVE: CVE-2023-30256; Description: A Cross Site Scripting (XSS)...
SUSE CVE-2013-6634
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...
SUSE CVE-2013-6643
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/oneclicksigninbubbleview.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handli...
CVE-2022-24188
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...
Shenzhen Fujia Technology OurPhoto Security Vulnerability
Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1, which originates from its...
CVE-2022-3058
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction...
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Impact: next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails (e.g. [email protected],[email protected]) to the sign-in endpoint, NextAuth.js would send emails to...
CVE-2022-30628
It was possible to download all receipts without authentication. One must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then one can access the API that provides invoice images based on the URL...
Malicious code in pseudo-loc-for-signin-widget (npm)
Source: ghsa-malware 2d100c05109c3b4d84fa03d2463e93fb0b235b5e8f13d497016d190fdbcfc1da. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5506 Malicious code in pseudo-loc-for-signin-widget (npm)
Source: ghsa-malware 2d100c05109c3b4d84fa03d2463e93fb0b235b5e8f13d497016d190fdbcfc1da. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in courage-for-signin-widget (npm)
Source: ghsa-malware 651ba90b6cbf4d05699e79773d63de9bb241b1d23330c1d88b9c2032e8bd52ce. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2215 Malicious code in courage-for-signin-widget (npm)
Source: ghsa-malware 651ba90b6cbf4d05699e79773d63de9bb241b1d23330c1d88b9c2032e8bd52ce. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-41825
Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter...
Verint Systems Verint Workforce Optimization Cross-Site Scripting Vulnerability
Verint Systems Verint Workforce Optimization (WFO) is an employee performance management solution from Verint Systems, Inc. The product supports workforce management, call logging, automated quality management, performance management, text and desktop analytics, etc. An injection vulnerability exis...
CVE-2021-25499
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store...
Samsung Galaxy Store Authorization Issue Vulnerability
Samsung Mobile Samsung Galaxy Store is an application store of Samsung Mobile, a South Korean company. A security vulnerability in SamsungAccountSDKSigninActivity in Samsung Galaxy Store versions prior to 4.5.32.4 allows an attacker to exploit the vulnerability to access the Galaxy Store's conten...