29 matches found
MAL-2025-48685 Malicious code in gitlab-accountid (npm)
The package communicates with a domain associated with malicious activity...
EUVD-2008-5342
Malware in sbrugna...
EUVD-2004-1667
Malware in sbrugna...
PT-2024-16725 · Unknown · Amtt Hotel Broadband Operation System
Name of the Vulnerable Software and Affected Versions: AMTT Hotel Broadband Operation System versions up to 3.0.3.151204 Description: A critical issue has been found in the AMTT Hotel Broadband Operation System. It affects an unknown function of the file /manager/frontdesk/online status.php. The...
AMTT Hotel Broadband Operation System injection vulnerability
AMTT Hotel Broadband Operation System is a hotel broadband operation system from China's AmTech Century AMTT. An injection vulnerability exists in AMTT Hotel Broadband Operation System HiBOS 3.0.3.151204 and earlier versions, which originates from the parameter AccountID in the file...
Malicious code in sap-accountid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d80cf1beddae1149d89422bd3b18a14427df5e924a6ba9c01f0a19c33f69ac69 The OpenSSF Package Analysis project identified 'sap-accountid' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter...
Design/Logic Flaw
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter...
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter...
extras.ky3.com XSS vulnerability
Open Bug Bounty ID: OBB-647891

Description | Value
---|---
Affected Website: | extras.ky3.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Nextcloud: URI scheme bypass in mail app lead to HTML content spoof and opener control
Bug When we load an HTML mail from a mailbox via the API, e.g. http://nextcloud/index.php/apps/mail/accounts//folders/SU5CT1g=/messages//html Our content will be passed to HTML Purifier to strip malicious XSS patterns. After that, a filter will apply to transform acceptable URI schemes http, https, ftp,...
New Relic: Blind SSRF on synthetics.newrelic.com
Introduction It was possible to retrieve some data from the http://169.254.169.254/latest/ URL corresponding to the Amazon instance metadata. With more time, we can dump the whole content. PoC When creating a Ping Monitor on the https://synthetics.newrelic.com/accounts/XXXXXXX/synthetics URL, it...
Directory traversal
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message...
CVE-2015-2997
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message...
Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
This module exploits a stacked SQL injection in order to add an administrator user to the SolarWinds Orion database. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solarwinds Orion...
CVE-2008-6889
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter...
Sql injection
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter...
CVE-2008-6889
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter...
CVE-2008-6889
The CVE-2008-6889 entry describes an SQL injection vulnerability in Merchantsadd.asp of ASPReferral 5.3. The flaw allows remote attackers to execute arbitrary SQL commands by supplying a crafted AccountID parameter, enabling potential unauthorized access or data manipulation. The NVD metrics indi...
CVE-2008-5365
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter...