40 matches found
EUVD-2018-3780
Malware in sbrugna...
EUVD-2018-3781
Malware in sbrugna...
EUVD-2013-0295
Malware in sbrugna...
EUVD-2018-3782
Malware in sbrugna...
EUVD-2024-54303
Malicious code in bioql PyPI...
EUVD-2024-54302
Malicious code in bioql PyPI...
CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2018-11772
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
CVE-2024-53678
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by th...
CVE-2024-53679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate...
CVE-2024-53679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate...
CVE-2024-53678
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by th...
CVE-2024-53679
CVE-2024-53679 is an Apache VCL XSS in the User Lookup form. The issue is caused by improper neutralization of input during web page generation, allowing a user with sufficient rights to craft or click a URL that can elevate privileges for a specified user. Affected software: Apache VCL up to ver...
CVE-2024-53679 Apache VCL: XSS vulnerability in User Lookup impacting user privileges
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate...
CVE-2024-53679 Apache VCL: XSS vulnerability in User Lookup impacting user privileges
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate...
CVE-2024-53678
CVE-2024-53678 concerns Apache VCL with an SQL injection in the New Block Allocation form. Affected versions: 2.2–2.5.1. Root cause: improper neutralization of special elements in SQL commands, allowing an attacker to modify submitted form data and alter a SELECT statement. Impact as described: t...
CVE-2024-53678 Apache VCL: SQL injection vulnerability in New Block Allocation form
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by th...
CVE-2024-53678 Apache VCL: SQL injection vulnerability in New Block Allocation form
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by th...
Apache VCL 跨站脚本漏洞
Apache VCL is an open source cloud computing platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache VCL 2.5.1 and earlier versions. An attacker exploiting this vulnerability could elevate the privileges of a specified user via a URL...