14 matches found
CVE-2025-55903
An HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...
EUVD-2025-33769
An HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...
Learning Obfuscations of LLM Embedding Sequences: Stained Glass Transform
The high cost of ownership of AI compute infrastructure and the challenges of robust serving of large language models (LLMs) have led to a surge in managed Model-as-a-Service deployments. Even when enterprises choose on-premises deployments, the compute infrastructure is typically shared across many tea...
Crater Invoice Crater Code Issue Vulnerability
Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. Crater Invoice Crater suffers from a code issue vulnerability that stems from the unrestricted upload of dangerous types o...
fixr.com XSS vulnerability
Vulnerable URL: http://www.fixr.com/cost-estimates/?description=';...
Microsoft Says Fireball Malware Threat 'Overblown'
Check Point has ramped down its projections on the impact of the recently disclosed Fireball malware after Microsoft called its initial numbers into question. Details on Fireball were published June 1 by Check Point, which said the malware was the work of a Chinese digital marketing agency called...
Harvest: Extracting private info of estimates.
Hey there, So when someone creates a new estimate for a client it is not accessible to anyone except the admin and the person with the private URL of the web invoice. Now there is an option to convert estimate into invoice through https://amandhakertest.harvestapp.com/invoices/new?estimateid=IDHE...
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
Application: WP-Client | Version: 3.8.7 | Author: Pier-Luc Maltais from COSIG | Twitter: @COSIG. Contents: 1 Introduction, 2 Report Timeline, 3 Technical details, 4 POC. 1 Introduction: One plugin configures multiple areas of your WordPress installation and allows the site Administrator...
ActiTime 2.0-MA Cross Site Request Forgery
[Corelan ASCII-art advisory banner] http://www.corelan.be:8800 ...
Password Tool Finds Rate of Brute Force Attack
Instead of indicating password quality via coloured bars, the Windows crypto tool Thor's Godly Privacy (TGP) informs users about the estimated time required for a successful brute-force attack on the chosen password. Read the full article. The H Security...
How Many Botnets Exist? Depends on the Data
How many botnets are there? Symantec says 6.8 million, but a former Symantec executive at Immunet and a key creator of the Internet Security Threat Report says his former company is off by several orders of magnitude. Gunter Ollmann of Damballa concurs with Immunet and puts the numbers between 19...