13 matches found
EUVD-2020-20868
Malware in sbrugna...
EUVD-2024-36574
Malicious code in bioql PyPI...
Fedora 37 : matrix-synapse / python-matrix-common / rust-pythonize (2023-c0696d7b53)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-c0696d7b53 advisory. Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323. Tenable has extracted the preceding description block directly from the Fedor...
CVE-2022-29434
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar = 4.9.0 at WordPress allows an attacker to edit or delete events...
Mozilla Firefox Security Advisory (MFSA2013-10) - Linux
This host is missing a security update for Mozilla Firefox.
CVE-2020-28713
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...
Ribose Cross Site Request Forgery
Hi Team, Please find the attached description and the PoC for the vulnerability identified. Vulnerability: CSRF Attack on Ribose Online Social Collaboration Platform Date: 13/08/2014 Author: JoeV Vendor: www.ribose.com Tested on: Windows 7 Description: A CSRF attack forces a logged-on victim’s...
SuSE Update for Mozilla openSUSE-SU-2013:0149-1 (Mozilla)
Check for the Version of Mozilla.
FreeBSD : opera -- execution of arbitrary code (ea0f45e2-6c4b-11e2-98d9-003067c2616f)
Opera reports: Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed.
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2013-01 Miscellaneous memory safety hazards rv:18.0/ rv:10.0.12 / rv:17.0.2 MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA...
Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery (Add Admin / Add Event)
Exploit Title : Simple PHP Agenda = 2.2.8 CSRF Add Admin - Add Event Date : 29-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link :...
Design/Logic Flaw
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not foll...
Vulnerability in PostCalendar
Overview: PostCalendar is an add-on for the popular PostNuke content management system. It provides a calendar that users can add events to. Problem: A user can add an event containing unchecked HTML tags. This includes the script tag which allows an attacker to steal cookies, redire...