38 matches found
EUVD-2008-6784
Malware in sbrugna...
EUVD-2008-6783
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-24918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An authenticated user can create a link with reflected JavaScript code inside it for items' page and send it to other users. The payload can be executed only wi...
CVE-2025-54144 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...
CVE-2024-10922
...
CVE-2024-9353
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-8850 MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as email is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2024-8622
The CVE-2024-8622 entry concerns the amCharts: Charts and Maps plugin for WordPress. Affected versions are
royalevent.themerex.net Cross Site Scripting vulnerability OBB-2773539
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
easuransi-simulasi.rsbindramayu.id Cross Site Scripting vulnerability OBB-2561280
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Elastic Kibana X-Pack Open Redirect Vulnerability
Elastic Kibana is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:x-pack";...
Starting Page 1.3 - 'category' SQL Injection
Exploit Title: Starting Page 1.3 "Add a Link" - SQL Injection Date: 11-01-2017 Software Link: http://software.friendsinwar.com/downloads.php?catid=2&downloadid=11 Exploit Author: Ben Lee Contact: [email protected] Category: webapps Tested on: Win7 1. Description The vulnerable file is...
PHPSelect Submit-A-Link HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17348/info Submit-A-Link is prone to an HTML-injection vulnerability. The script fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code woul...
XSS vulnerability in 'Share a link' blueprint
Open the Create dialog - Select "Share a Link" article - In the 'Topics' field, enter an attack string such as: alert("hello") => The script will be executed...
Default credentials
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain...
CVE-2008-6823
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain...
CVE-2008-6824
CVE-2008-6824 affects the A-LINK WL54AP3 and WL54AP2 access points where the management interface uses a blank default admin password. This allows remote attackers to obtain full access via a network attack. The NVD entry documents a base score of 10.0 (HIGH) with network, low complexity, and no ...