10 matches found
Malicious code in risc-zero-developer-website (npm)
The package risc-zero-developer-website was found to contain malicious code...
Responsive Events & Movie Ticket Booking Script 3.2.1 - findcity.php?q SQL Injection Vulnerabili
Exploit for php platform in category web applications Exploit Title: Responsive Events & Movie Ticket Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
General Motors: XSS Vulnerability in developer.gm.com
The gm developer website contained a parameter that allowed XSS injection. The vulnerable input parameter has been identified and remediated...
bo:VideoJS, 2.1.1,
bo:VideoJS, 2.1.1, xss From developer http://www.boeschung.de/en/joomla/bo-videojs/video-js-v320...
Vivvo CMS-local file include and fix-vulnerability warning-the black bar safety net
Title: Vivvo CMS - Local File include ! Author: JaBrOtxHaCkEr www. Email My ^ ^ ! Defects program Vivvo CMS is an intuitive content management system atop a powerful programming framework, empowering numerous industry leading online newspapers,...
JVN#80404511: Windows URL Protocol Handler may insecurely load executable files
Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution...
Webiz SQL Injection
Exploit Title: Webiz SQL Injection Vulnerability Date: 23-05-2010 Author: kannibal615 Software Link: N/A Version: 2008 Tested on: PHP CVE : N/A Code : ...
ILIAS 3.7.4 - ref_id Blind SQL Injection
ILIAS 3.7.4 - refid Blind SQL Injection ILIAS Learning Management 50-- milw0rm.com 2008-12-24...
JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value +...