43 matches found
EUVD-2025-4358
Malicious code in bioql PyPI...
CVE-2025-27265
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS.This issue affects Google Maps for WordPress: from n/a through = 1.0.3...
CVE-2025-27265 WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS.This issue affects Google Maps for WordPress: from n/a through = 1.0.3...
CVE-2025-27265
CVE-2025-27265 corresponds to a DOM-based XSS in Google Maps for WordPress (WordPress plugin) affecting versions up to 1.0.3. The issue is described in connected sources as an Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web...
CVE-2024-5434
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
CVE-2024-5433
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...
PT-2024-36224 · Campbell Scientific · Campbell Scientific Csi Web Server
Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue concerns the storage of web authentication credentials in a file with a specific name. The passwords in this file are stored in a weakly encoded format,...
PT-2024-36213 · Campbell Scientific · Campbell Scientific Csi Web Server
Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue allows anonymous, unauthenticated access to files and directories outside of the webserver root directory. This is achieved through a specially crafted...
Campbell Scientific CSI Web Server 安全漏洞
Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A security vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and prior versions, which originates when the password for a file is stored in a weakly encoded format, which allows an attacker to decode...
Campbell Scientific CSI Web Server 路径遍历漏洞
Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A path traversal vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and earlier, which originates from a vulnerability that allows an attacker to gain anonymous, unauthenticated access to files and...
Data Leak Exposes 1.5 Billion Real Estate Records, Including Elon Musk, Kylie Jenner
By Waqas A Campbell, New York-based real estate training platform called Real Estate Wealth Network exposed a massive treasure trove of real estate records due to cloud server misconfiguration. This is a post from HackRead.com Read the original post: Data Leak Exposes 1.5 Billion Real Estate...
campbellsci.ca Cross Site Scripting vulnerability OBB-3786845
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-Q2QJ-628G-VHFW Insecure header validation in slim/psr7
Impact An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Ps...
CVE-2023-0321
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...
Default configuration
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...
Campbell Scientific dataloggers 信息泄露漏洞
Campbell Scientific dataloggers CR Series is a line of scientific data loggers from Campbell Scientific. A security vulnerability exists in the Campbell Scientific dataloggers that stems from the fact that they allow an attacker to download configuration files that may contain sensitive informati...
CVE-2023-0321
CVE-2023-0321 affects Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000. With factory defaults the devices have HTTP and PakBus enabled, and the PakBus port allows downloading, modifying, and uploading configuration files that may contain sensitive internal-network information....