16 matches found
EUVD-2021-18673
Malware in sbrugna...
CVE-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
BIT-SUITECRM-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
Design/Logic Flaw
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via the dpalconfig.zml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication...
Authentication flaw
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via the registry.xml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication...
CVE-2023-46386
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via the registry.xml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication...
Wedding Management System SQL Injection Vulnerability (CNVD-2022-54285)
Wedding Management System v1.0 is a wedding planning management system by John Paul Lim Gabule, an individual developer. It contains a SQL injection vulnerability: the /Wedding-Management/admin/. clientmanageaccountdetails.php?bookingid=31&userid page lacks validation of external input to SQL statements, which...
CVE-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
CVE-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
Cross site scripting
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
CVE-2021-31792
CVE-2021-31792 affects SuiteCRM versions prior to 7.11.19. The vulnerability is a cross-site scripting flaw in the client account page that allows an attacker to inject JavaScript via the name field. No exploit specifics are provided beyond this description in the sources. Remediation per PT-Secu...
CVE-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
PT-2021-19509 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.19. Description: The issue allows an attacker to inject JavaScript via the name field in the client account page, potentially leading to code execution. Recommendations: For versions prior to 7.11.19, update to...
Octopus Deploy Information Disclosure Vulnerability
Octopus Deploy is an automated deployment and release management server. An information disclosure vulnerability exists in Octopus Deploy prior to version 3.17.7. When a special client user account is granted CertificateExportPrivateKey privileges and "client access" is enabled on the Octopus...
CVE-2007-5264
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information...
CVE-2006-1009
M4 Project enigma-suite before 0.73.3 Windows has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access...