15 matches found
VulnCheck KEV: CVE-2026-8181
The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
EUVD-2026-14955
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...
EUVD-2023-1593
Malicious code in bioql PyPI...
CVE-2024-57490
Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw...
Blind XSS Leading to Froxlor Application Compromise
Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...
CVE-2022-20929
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...
Mail.ru: XSS Stored on https://seedr.ru
Site: https://seedr.ru/ OS version: Windows 10 browser: Google chrome Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. I changed my nickname to a code that demonstrates the...
CVE-2020-5948
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...
Security feature bypass
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery...
CVE-2016-10258
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway ASG and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code...
Uber: Stored XSS on developer.uber.com via admin account compromise
Hi, Anyone can add themselves as an administrator on the readme.io uber project that powers developer.uber.com/documentation To replicate this, first fetch https://uber.readme.io/inactiveand and grab Uber's project ID from the source: 578cd33dc27ce20e004e397b Then, using this ID, create a normal...
Opial CMS v2.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ====== Opial CMS v2.0 - Multiple Web Vulnerabilities Introduction: ============= Opial lets you create audio mp3/ram/rm/avi/mpg/wav/ai f or any other format audio/video downloads website, in 10 seconds you will be able to install opial ...
Oracle 1 0 & 11g exp.exe 0day stack overflow-vulnerability warning-the black bar safety net
Just being bored, I found a Oracle 11g database, there is a bit of high impact but low likleyhood of 0day attacks. The vulnerability is the Oracle export utility on the command line to specify the parameter file inside the“file”field within the analysis. The EXPORT utility as privileged code...
ie5-msn.exec.txt
This is a multi-part message in MIME format. --------------CEF2E6A38C7BDB5B012ADFB8 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Georgi Guninski security advisory 18, 2000 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking...
local Administrator compromise at least on default Windows 2000
Georgi Guninski security advisory 18, 2000 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000. Systems affected: For remote file execution: IE 5.5,5.x/Windows 98, the files must be...