PT-2023-24901 · Mooj.Org +1 · Proforms Basic Component For Joomla +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for SQ...
Joomla! Proforms Basic SQL Injection Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! Proforms Basic that stems from improper neutralization of special elements, which can lead to SQL injection...
Authentication Bypass
gitlab is vulnerable to Authentication Bypass. The vulnerability allows an attacker to bypass 2FA for LDAP users and access some specific pages with Basic Authentication...
Information Exposure
Overview: logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure. Elasticsearch Output plugin would log to file HTTP basic auth credentials when updating connections after sniffing. Remediation: Upgrade logstash-core to...
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login...
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware
Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher...
Authentication flaw
The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication...
CVE-2023-33868
CVE-2023-33868 concerns an authentication flaw in PiiGAB M-Bus software (notably the 900S family). The root issue is an unlimited number of login attempts, enabling brute-force against HTTP basic authentication. Public sources (NVD, CVE list, PRION, ics-advisory) consistently describe this vulner...
CVE-2023-37134
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-37136
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
EyouCms Cross-Site Scripting Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology Company. A security vulnerability exists in EyouCms v1.6.3, which originates from a stored cross-site scripting (XSS) vulnerability in Basic Website...
EyouCms Cross-Site Scripting Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology Company. A security vulnerability exists in EyouCms v1.6.3, which originates from a stored cross-site scripting (XSS) vulnerability in Basic Information...
PT-2023-24522 · Piigab · M-Bus Softwarepack +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns the lack of limitation on the number of login attempts, which could allow an attacker to perform a brute force attack on HTTP basic...
CVE-2023-25937
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...