Lucene search
+L

218 matches found

OSV
OSV
added 2022/06/20 8:21 p.m.6 views

MAL-2022-3435 Malicious code in grabathon-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b20bc42c969f96b1d79a146ef18d4b4619bba13d4890a697ac9ad00ea1e332c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:17 p.m.4 views

Malicious code in service-bus-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0430c5da0aed69e8440b355fa123049561313969a9ecc722dd25ee5a82db5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:17 p.m.10 views

MAL-2022-6028 Malicious code in service-bus-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0430c5da0aed69e8440b355fa123049561313969a9ecc722dd25ee5a82db5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:11 p.m.2 views

Malicious code in discord.js-selfbot-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 285cfcdcbedb764ff3e87b50b041c8a5e05a005039a4802dc24bf53d177764dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/04/28 12:0 a.m.60 views

Siemens PROFINET Stack Integrated on Interniche Stack Uncontrolled Resource Consumption (CVE-2022-25622)

A vulnerability has been identified in SIMATIC CFU DIQ All versions, SIMATIC CFU PA All versions, SIMATIC S7-1500 CPU family incl. related ET200 CPUs and SIPLUS variants All versions V2.0.0, SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 H V6 C...

7.5CVSS7.1AI score0.00849EPSS
Exploits0References3
0day.today
0day.today
added 2022/03/30 12:0 a.m.225 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting Vulnerability

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any post types. The...

7.4AI score
Exploits0
Veracode
Veracode
added 2022/02/16 6:59 a.m.24 views

Information Disclosure

IBM MQ is vulnerable to information disclosure. The vulnerability exists due to a data leak from an error message within the pre-v7 pubsub logic...

4.3CVSS1.5AI score0.00748EPSS
Exploits0References4Affected Software3
NVD
NVD
added 2021/12/27 9:15 p.m.24 views

CVE-2020-20943

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

4.3CVSS0.00382EPSS
Exploits1References1
NVD
NVD
added 2021/12/27 9:15 p.m.17 views

CVE-2020-20946

Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...

5.4CVSS0.00602EPSS
Exploits1References2
NVD
NVD
added 2021/12/27 9:15 p.m.22 views

CVE-2020-20944

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...

9.1CVSS0.01958EPSS
Exploits1References3
NVD
NVD
added 2021/12/27 9:15 p.m.20 views

CVE-2020-20945

A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...

8.8CVSS0.00555EPSS
Exploits1References2
Prion
Prion
added 2021/12/27 9:15 p.m.16 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...

6.8CVSS8.7AI score0.00555EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/12/27 9:15 p.m.15 views

Design/Logic Flaw

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...

6.4CVSS9AI score0.01958EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/12/27 9:15 p.m.18 views

Cross site scripting

Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...

3.5CVSS5.2AI score0.00602EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/12/27 9:15 p.m.18 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

4.3CVSS4.6AI score0.00382EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/27 8:32 p.m.21 views

CVE-2020-20946

Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...

5.3AI score0.00602EPSS
Exploits1References2
CVE
CVE
added 2021/12/27 8:32 p.m.55 views

CVE-2020-20946

CVE-2020-20946 affects Qibosoft v7 (CMS) with a stored XSS vulnerability in the admin path /admin/index.php?lfj=friendlink&action=add. The root cause is input data not validated in the friendlink/add handler, enabling injected client-side script execution. CVSS metrics indicate a Low to Medium ov...

5.4CVSS5.2AI score0.00602EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/12/27 8:32 p.m.18 views

CVE-2020-20945

A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...

8.8AI score0.00555EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/12/27 8:32 p.m.22 views

CVE-2020-20944

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...

9.2AI score0.01958EPSS
Exploits1References3
CVE
CVE
added 2021/12/27 8:32 p.m.65 views

CVE-2020-20944

Qibosoft v7 is affected by an arbitrary file deletion vulnerability via /admin/index.php?lfj=mysql&action=del. The root cause is the action=del parameter enabling deletion, as described in PT-2021-10556. Impact: potential unauthorized file removal. Remediation: restrict access to the /admin/index...

9.1CVSS9.1AI score0.01958EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder