21 matches found
EUVD-2020-4726
Malware in sbrugna...
EUVD-2015-1270
Malware in sbrugna...
EUVD-2022-34475
Malicious code in bioql PyPI...
EUVD-2023-23927
Malicious code in bioql PyPI...
EUVD-2022-34851
Malicious code in bioql PyPI...
EUVD-2024-51484
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2011-0134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory...
Drupal Enterprise MFA - TFA for Drupal 安全漏洞
Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from a lack of authorization and may result in forced browsing...
CVE-2025-2595 Forced Browsing Vulnerability in CODESYS Visualization
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing...
CVE-2025-26689
Direct request 'Forced Browsing' issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered...
CVE-2022-2192
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45195link is external Apache OFBiz Forced Browsing Vulnerability CVE-2024-29059link is external Microsoft .NET Framework Information Disclosure Vulnerability...
Siemens SINEMA Remote Connect Server Forced Browsing Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability, which is caused du...
Siemens SINEMA Remote Connect Server Forced Browsing Vulnerability (CNVD-2024-31230)
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability due to the failure ...
CVE-2023-42923
This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication...
CVE-2021-21602
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
CVE-2011-2352
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1...
UBUNTU-CVE-2011-2339
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1...
[cosmoshop again] sql injection + view all files as admin user
i am: l0om page: www.excluded.org product: cosmoshop 1 show all files as admin-user 2 sql injection Cosmoshop - Lse = V8.11.106 1 Show all files as an admin-user: /cgi-bin/admin/bestellvorgang/editmailtexte.cgi?file=../../../../../../../../../etc/passwd00...
CVE-2004-1753
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindowNULL calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs...