airduct (>=0.1.13 <=0.1.22), aprsd (>=1.6.0 <=3.4.4) +42 more potentially affected by CVE-2026-34531 via flask-httpauth (>=2.5.0 <=4.8.0)

flask-httpauth PYPI version =2.5.0, =0.1.13, =1.6.0, =1.0.5, =0.0.5, =0.5.0, =4.2.6, =1.0.0, =0.0.28, =0.0.0rc24, =1.0.2, =0.2.2, =3.2.0.0, =2.0.0, =0.1.8.1, =2.2.1 and more Source cves: CVE-2026-34531 Source advisory: OSV:GHSA-P44Q-VQPR-4XMG...

Malicious code in jurss-zss-drs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61a2d303602ab6301883d6a58fb9450b70ecefca7920fca2e4b5c5b4cb1d49cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2024-0480

A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The...

Taokeyun SQL Injection Vulnerability

Taokeyun is a shopping mall system by jifeer individual developer. A SQL injection vulnerability exists in Taokeyun version 1.0.5 and earlier versions, which originates from a SQL injection vulnerability in the cid parameter of the index function in the application/index/controller/m/Drs.php file...

PT-2024-15597 · Taokeyun · Taokeyun

Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically in the function index of the file application/index/controller/m/Drs.php. The manipulation of the cid argument...

FarsightAD - PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise

FarsightAD is a PowerShell script that aim to help uncovering eventual persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication...

Exploit for CVE-2020-1472

CVE-2020-1472 POC The vulnerability can be exploited in a Wi...

Kirona-DRS 5.5.3.5 Information Disclosure

Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...

Kirona-DRS 5.5.3.5 - Information Disclosure

Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...

Kirona-DRS 5.5.3.5 - Information Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be...

Kirona-DRS 5.5.3.5 - Information Disclosure

Kirona-DRS 5.5.3.5 - Information Disclosure Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DR...

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

Cross site scripting

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. A reflected Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter...

Design/Logic Flaw

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

CVE-2019-17503

CVE-2019-17503 affects Kirona Dynamic Resource Scheduler (DRS) 5.5.3.5. An unauthenticated user can directly access /osm/REGISTER.cmd (/osm_tiles/REGISTER.cmd), which contains SQL queries that disclose database information (version, table names, column names, etc.). Multiple sources (NVD, Red Hat...

CVE-2019-17504

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. A reflected Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter...

CVE-2019-17504

Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5 is affected by a reflected XSS vulnerability. The issue allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter, indicating insufficient input validation on the web application. References in the connected doc...

Orpheus' Lyre mutual authentication validation bypass

All versions of Samba from 4.0.0 include an embedded copy of Heimdal Kerberos. Heimdal has made a security release, which disclosed: Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation This is a critical vulnerability. In krb5extractticket the KDC-REP service name must be obtained...

SQL Injection in extension "Browser - TYPO3 without PHP" (browser)

It has been discovered that the extension "Browser - TYPO3 without PHP" browser is susceptible to SQL Injection. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.4.8 and below Vulnerabili...