CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...

CVE-2025-1232

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks...

CVE-2013-6867

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ASE 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors...

CVE-2022-27220

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks...

CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service CPU consumption via a direct request to the 1 advsearch.asp, 2 query.asp, or 3 search.asp scripts...

CVE-1999-0805

Novell NetWare Transaction Tracking System TTS in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests...

CVE-1999-0181

The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands...

CVE-1999-0437

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port...

CVE-1999-0572

.reg files are associated with the Windows NT registry editor regedit, making the registry susceptible to Trojan Horse attacks...

CVE-1999-0796

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks...

CVE-1999-0598

A network intrusion detection system IDS does not properly handle packets that are sent out of order, allowing an attacker to escape detection...

CVE-2019-16406

Centreon Web 19.04.4 has weak permissions within the OVA aka VMware virtual machine and OVF aka VirtualBox virtual machine files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron...

CVE-2019-16725

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

CVE-2019-12393

Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests...

CVE-2019-12443

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery SSRF vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks...

CVE-2019-12416

we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...

CVE-2006-3411

TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys...

CVE-2024-2583

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks...