56 matches found
MAL-2022-574 Malicious code in @sbbol/web-library (npm)
Source: ghsa-malware 338db4a26c9d2e2274bc307535c80ffa1947e3edfffa86a3404e29dd82e30107 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sbbol/web-library (npm)
Source: ghsa-malware 338db4a26c9d2e2274bc307535c80ffa1947e3edfffa86a3404e29dd82e30107 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-21924
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘descfilter’ parameter...
openSUSE 15 Security Update : civetweb (openSUSE-SU-2021:1424-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1424-1 advisory. - The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based fi...
CVE-2020-27304
CVE-2020-27304 relates to CivetWeb’s form-based file upload handling: when running on non-Windows OS, uploaded file paths are not validated, enabling directory traversal if a web app uses user-controlled filename segments in output paths. Public sources in connected docs tie this to Siemens SCALA...
hyper crate for Rust environment issue vulnerability
hyper crate for Rust is a Rust-based HTTP library. An environmental issue vulnerability exists in hyper crate for Rust that arises from an unreasonable environmental factor in a networked system or product...
ohioweblibrary.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1175805. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2019-13507
hidea.com AZ Admin 1.0 has newsdet.php?cod= SQL Injection...
GHSA-MC23-976P-J42X xterm vulnerable to remote code execution
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters...
CVE-2018-9238
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter...
CVE-2017-17583
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter...
paFileDB 3.1 Cross Site Scripting
You can copy the exploit source from: http://www.hell-z0ne.org/pafiledb.txt Title: paFileDB 3.1 Xss Vuln as Redirecting Method. Author:...
CVE-2007-5628
PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site TOWels 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site TOWels 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter...
CVE-2007-5628
PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site TOWels 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication. The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTP...