13 matches found
EUVD-2014-4273
Malware in sbrugna...
EUVD-2007-6609
Malware in sbrugna...
CVE-2023-28433
Last updated 24 July 2024...
CVE-2022-2310
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...
CVE-2022-2310 Skyhigh SWG Authentication bypass vulnerability
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...
CVE-2022-2310
CVE-2022-2310 affects Skyhigh SWG. An authentication bypass allows remote login to the admin UI due to improper whitelisting of bypass methods and a weak crypto password. Affected versions include Skyhigh SWG 8.x–8.2.27, 9.x–9.2.22, 10.x–10.2.11, and 11.x–11.2.0. Remediation: upgrade to 8.2.28+, ...
SAP Web Dispatcher Cross-Site Scripting Vulnerability
SAP Web Dispatcher is a core component of Load Balancing from SAP, which supports load balancing and provides reverse proxy functionality to enable external users to access internal applications. A cross-site scripting vulnerability exists in SAP Web Dispatcher and SAP Netweaver AS for ABAP and...
CVE-2021-36316
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation ...
typo3 -- multiple vulnerabilities
Typo3 Team reports: In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This...
Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2018-11638)
Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A cross-site scripting vulnerability exists in Sonatype NXRM versions prior to 3.12.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the Administration UI...
CVE-2017-14587
Summary: CVE-2017-14587 affects Atlassian Fisheye and Crucible prior to 4.4.2. An administration user deletion resource is vulnerable to a cross-site scripting (XSS) flaw in the uname parameter, enabling a remote attacker to inject arbitrary HTML or JavaScript. The issue is exploitable remotely o...
Claroline 1.10 Cross Site Scripting
Software: Claroline 1.10; Vulnerability: Persistent Cross-site Scripting; Threat Level: Moderate 2/5; Download: http://www.claroline.net/; Disclosure Date: 4/6/2011; Tested...
ECShop 2.5.0 (order_sn) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. ECShop 2.5.0 ordersn Remote SQL Injection Vulnerability...