26 matches found
CVE-2022-26121
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via...
EUVD-2012-5099
Malware in sbrugna...
EUVD-2012-5098
Malware in sbrugna...
EUVD-2013-1563
Malware in sbrugna...
EUVD-2024-29375
Malicious code in bioql PyPI...
CVE-2024-31495
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows a privileged user to obtain unauthorized information via the report download functionality...
CVE-2012-5175
Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data...
CVE-2012-5176
Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.02 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to tag embedding...
SUSE-SU-2025:0946-1 Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024136 fixes several issues. The following security issues were fixed: - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index bsc1231204. - CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets bsc123119...
CVE-2023-52468 class: fix use-after-free in class_register()
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register(). The lock_class_key is still registered and can be found in the lock_keys_hash hlist after subsys_private is freed in the error handler path. A task that iterates over the lock_keys_hash later may cause...
THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. Whether employees connect through Microsoft 365,...
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications...
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities Date: 14-13-2018 Software Link: https://sourceforge.net/projects/mysar/ Exploit Author: Keerati T. Version: 2.1.4 Tested on: Linux 1. Description SQL injection and Cross site script vulnerabilities are found on ALL parameter ...
MySQL Squid Access Report 2.1.4 - SQL Injection Cross-Site Scripting
MySQL Squid Access Report 2.1.4 - SQL Injection Cross-Site Scripting Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities Date: 14-13-2018 Software Link: https://sourceforge.net/projects/mysar/ Exploit Author: Keerati T. Version: 2.1.4 Tested on: Linux 1. Description SQL...
MySQL Squid Access Report 2.1.4 Cross Site Scripting / SQL Injection
Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities Date: 14-13-2018 Software Link: https://sourceforge.net/projects/mysar/ Exploit Author: Keerati T. Version: 2.1.4 Tested on: Linux 1. Description SQL injection and Cross site script vulnerabilities are found on ALL parameter ...
CVE-2012-5176
The CVE-2012-5176 entry corresponds to a cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT versions 5.02 and earlier. The root cause is a flaw in how tags are embedded into the web page, which permits remote attackers to inject arbitrary script or HTML via those embedding vectors...