23 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-22011

Malware in sbrugna...

9.8 CVSS | 7.6 AI score | 0.00306 EPSS
Exploits: 1 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-43919

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.00113 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3015

Malicious code in bioql PyPI...

6.1 CVSS | 7.1 AI score | 0.00307 EPSS
Exploits: 0 | References: 17
Tenable Nessus
added 2025/08/24 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-15569

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value tha...

6.1 CVSS | 6.6 AI score | 0.00432 EPSS
Exploits: 0 | References: 2
Cvelist
added 2023/06/28 8:23 p.m. | 16 views

CVE-2023-3243

UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...

8.3 CVSS | 9.6 AI score | 0.00113 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2023/06/28 8:23 p.m. | 14 views

CVE-2023-3243

UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...

8.3 CVSS | 7.2 AI score | 0.00113 EPSS
Exploits: 0 | References: 1
OSV
added 2022/05/14 1:14 a.m. | 18 views

GHSA-G4G7-Q726-V5HG Symfony CSRF Token Fixation

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...

8.8 CVSS | 8.2 AI score | 0.00184 EPSS
Exploits: 0 | References: 13
OSV
added 2019/01/14 7:29 p.m. | 27 views

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...

8.1 CVSS | 6.9 AI score | 0.00486 EPSS
Exploits: 0 | References: 8
UbuntuCve
added 2019/01/14 7:29 p.m. | 43 views

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remot...

8.1 CVSS | 6.9 AI score | 0.00486 EPSS
Exploits: 0 | References: 8
Tenable Nessus
added 2018/11/05 12:0 a.m. | 18 views

Joomla! 3.3.x < 3.8.2 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

9.8 CVSS | 7.3 AI score | 0.02572 EPSS
Exploits: 3 | References: 6
Debian CVE
added 2018/06/13 4:0 p.m. | 25 views

CVE-2018-11406

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...

8.8 CVSS | 8.7 AI score | 0.00184 EPSS
Exploits: 0
Tenable Nessus
added 2018/01/17 12:0 a.m. | 55 views

MySQL Enterprise Monitor 3.3.x < 3.3.7.3306 / 3.4.x < 3.4.5.4248 / 4.0.x < 4.0.2.5168 Multiple Vulnerabilities (January 2018 CPU)

According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.3.x prior to 3.3.7.3306, 3.4.x prior to 3.4.5.4248, or 4.0.x prior to 4.0.2.5168. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch...

8.1 CVSS | 7.8 AI score | 0.9438 EPSS
Exploits: 22 | References: 3
Tenable Nessus
added 2017/12/11 12:0 a.m. | 221 views

OTRS Authenticated Remote Code Execution (OSA-2017-07)

The version of OTRS running on the remote host is 3.3.x prior to 3.3.20, 4.0.x prior to 4.0.26, or 5.0.x prior to 5.0.24. It is, therefore, affected by a remote code execution vulnerability...

8.8 CVSS | 8.6 AI score | 0.0122 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2017/11/24 12:0 a.m. | 119 views

OTRS RCE Vulnerability

OTRS is prone to a remote code execution (RCE) vulnerability...

8.8 CVSS | 8.9 AI score | 0.0122 EPSS
Exploits: 0 | References: 1
PyPA
added 2017/03/07 4:59 p.m. | 5 views

PYSEC-2017-62

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

6.1 CVSS | 6.1 AI score | 0.00491 EPSS
Exploits: 2 | References: 7 | Affected Software: 1
PyPA
added 2017/03/07 4:59 p.m. | 8 views

PYSEC-2017-63

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1 CVSS | 6 AI score | 0.00491 EPSS
Exploits: 2 | References: 7 | Affected Software: 1
CNVD
added 2015/12/18 12:0 a.m. | 2 views

Joomla! cross-site request forgery vulnerability (CNVD-2015-08379)

Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A cross-site request forgery vulnerability exists in the comtemplates component in Joomla! versions 3.2.0 through...

6.8 CVSS | 6.8 AI score | 0.00006 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2012/08/02 12:0 a.m. | 52 views

Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overflow Vulnerability

According to its banner, the version of Appweb installed on the remote host is 3.1.x, 3.2.x or 3.3.x earlier than 3.3.3. It is, therefore, potentially affected by a heap-based buffer overflow vulnerability caused by a casting error in the function 'mprUrlEncode' in the file 'src/mpr/mprLib.c'. No...

5.7 AI score
Exploits: 0 | References: 3
OSV
added 2011/08/29 5:55 p.m. | 2 views

CVE-2011-3181

Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name...

6.1 AI score
Exploits: 0 | References: 11
Tenable Nessus
added 2011/06/09 12:0 a.m. | 18 views

phpMyAdmin < 3.3.10.1 / 3.4.1 Multiple Vulnerabilities (PMASA-2011-03 - PMASA-2011-04)

The remote host contains a version of phpMyAdmin - 3.3.x less than 3.3.10.1 or 3.4.x less than 3.4.1 - that is affected by multiple vulnerabilities: - The scripts 'tbllinks.php' and 'tbl-tracking' fail to filter input to the 'table' and 'db' parameters. An attacker may be able to exploit this iss...

4.3 CVSS | 5.7 AI score | 0.00285 EPSS
Exploits: 0 | References: 4