16 matches found
EUVD-2018-12382
Malware in sbrugna...
Right-Click Execution - Windows LNK File Special UNC Path NTLM Leak
This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in the EnvironmentVariableDataBlock of the Shell Link (.LNK) that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim right-clicks the...
CVE-2025-8897
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'flbuilder' parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Malicious code in click-action-framework (npm)
Source: ghsa-malware (863f4bd9c81749474f2360ad027e111369d13c2c699078f5ae2311e627b0d2fa). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7942 Malicious code in click-action-framework (npm)
Source: ghsa-malware (863f4bd9c81749474f2360ad027e111369d13c2c699078f5ae2311e627b0d2fa). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-6632 Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2022-34318
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM...
CVE-2021-20560
Affected software: IBM Sterling Connect:Direct Browser User Interface (UI) versions 1.4.1.1 and 1.5.0.2. Root cause / vulnerability type: Missing protection for HTML frames (no X-Frame-Options header) enabling a remote attacker to perform clickjacking by convincing a user to visit a malicious sit...
Design/Logic Flaw
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...
Security Bulletin: Rational DOORS is affected by multiple vulnerabilities
Summary Rational DOORS has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-1515 DESCRIPTION: IBM Doors Web Access could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. CVSS Base Score: 4.3 CVSS Temporal Score: S...
CVE-2019-4086
CVE-2019-4086 affects IBM Cloud Application Performance Management (APM) 8.1.4 (Base Private/Advanced Private) and related APM components. A remote attacker could hijack a victim’s clicking actions by enticing them to visit a malicious site, potentially enabling further attacks. The IBM advisory ...
CVE-2017-15340
Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user into installing a crafted application; this application simulates a click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could...
IBM API Connect Cross-Site Scripting Vulnerability
IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect has a security vulnerability. A remote attacker can exploit the vulnerability by...
CVE-2016-9010
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2016-1941
The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...
SQL injection
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the artid parameter to mod.php in a viewarticle action (publisher mod) and (2) the bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are...