8 matches found
EUVD-2015-4968
Malware in sbrugna...
CVE-2022-42073
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=...
PT-2021-24246 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.37
Description: The issue concerns a problem where the Special:ImportFile URI, also known as FileImporter, in MediaWiki allows for cross-site scripting (XSS) attacks. This is demonstrated through the clientUrl...
ALPINE-CVE-2018-16842
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service...
ALPINE-CVE-2016-8615
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar...
soudage-outillage.fr XSS vulnerability
Open Bug Bounty ID: OBB-598638

Description | Value
---|---
Affected Website: | soudage-outillage.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Code injection
Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL...
Debian Security Advisory DSA 2849-1 (curl - information disclosure)
Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. OpenVAS Vulnerability Test $Id:...