18 matches found
WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Royal MCP versions <= 1.4.2...
WordPress Pix for WooCommerce plugin <= 1.5.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Alexis Lafontaine in WordPress Plugin Pix for WooCommerce versions <= 1.5.0...
WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Post Timeline versions <= 2.4.1...
EUVD-2025-146024
Malicious code in alexisrodriguez npm...
EUVD-2001-1235
Malware in sbrugna...
OSINT in 60 seconds. Mind reading on TV
TL;DR: We were asked to help with a Channel 5 consumer education series about online banking scams. The presenter, Alexis Conran, was to ‘read’ the minds of members of the public walking past a coffee shop. A release form was signed by the targets, with their name, email, and phone number, then pass...
A Bootiful Podcast: Google Developer Advocate, Java legend, Alexis Moussine Pouchkine
Hi, Spring fans! Happy Thanksgiving to those who celebrate! Have you tried out Spring Boot 3.2? It comes out NEXT week on the 23rd! Get the bits and try them out now! This week I am joined by Google Developer Advocate, Java legend, Alexis Moussine Pouchkine...
alexisduclos.fr Cross Site Scripting vulnerability OBB-3489727
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victims’ PCs. The attacks use stolen digital...
wnmu.edu XSS vulnerability
Vulnerable URL: http://www.wnmu.edu/faccal/calendar.php?year=2012=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 256972 VIP website status:| No Check wnmu.edu SSL connection:|...
[oss-security] Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
On dim., 2014-06-15 at 19:31 +0100, Ben Hutchings wrote: Please can you assign a CVE ID to this bug? Hi Ben, we usually don't assign CVE from our pool for public issues, and I'm especially reluctant here as I don't know if someone else aware of this issue could have assigned one. So I'm asking on...
SA-CONTRIB-2012-166 - Table of Contents - Access Bypass
This module enables you to generate a list of select header tags in a box that looks like a table of contents or summary. The links added to that box point to the headers so users can quickly access each section of your documents. The module doesn't sufficiently check for node access restriction...
SA-CONTRIB-2012-159 - Password policy - Information leakage of hashed passwords
This module provides a way to specify a certain level of password complexity aka. "password hardening" for user passwords on a system by defining a password policy. The Password policy module allows administrators to request users to enter a new password that does not match any of the previous X...
SA-CONTRIB-2009-085 - Insert Node - Cross Site Scripting
The Insert Node module provides an input filter that enables a node to be inserted within the body field of another node. The module fails to sanitize the inserted node, making it vulnerable to a cross site scripting (XSS) attack. Versions affected Insert Node module versions for Drupal 5.x prior t...
CVE-2001-1254
The CVE-2001-1254 entry describes a vulnerability in the Web Access component for COM2001 Alexis 2.0/2.1 in InternetPBX where username and voice mail passwords are transmitted in the clear via a Java applet that communicates to port 8888 on the server, allowing remote attackers to sniff credentia...
CVE-2001-1253
CVE-2001-1253 affects Alexis 2.0/2.1 in COM2001 InternetPBX, where voicemail passwords are stored in plain text in the com2001.ini file. This plaintext storage could allow local users to impersonate other users and place long-distance calls. The available documents do not provide exploitation det...
CVE-2001-1253
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users...
CVE-2001-1253
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users...