
17 matches found

RedhatCVE
added 2025/11/25 3:48 p.m. | 5 views

CVE-2025-13132

A flaw was found in dia. This vulnerability allows users to be misled about the current site via a malicious site rendering a fake user interface (UI) without a full-screen notification...

7.4 CVSS | 6.3 AI score | 0.0003 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/11/21 12:0 a.m. | 6 views

PT-2025-47790

This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification toast appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI like a fake address bar...

7.4 CVSS | 6.7 AI score | 0.0003 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-28825

Malicious code in bioql PyPI...

5.4 CVSS | 5.7 AI score | 0.00206 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 6:26 a.m. | 3 views

CVE-2024-52590

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...

8.8 CVSS | 6.8 AI score | 0.00243 EPSS
Exploits 0 | References 1
CVE
added 2024/12/18 7:20 p.m. | 53 views

CVE-2024-52591

CVE-2024-52591 affects Misskey, where missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows forging of user profiles and notes across instances. The attack can impersonate both users and federated peers, with forged objects accepted as valid and full inter...

9.3 CVSS | 6.5 AI score | 0.00171 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/12/18 7:20 p.m. | 11 views

CVE-2024-52591 Missing validation allows spoofed profiles and notes in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance...

8.8 CVSS | 0.00171 EPSS
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/10/08 10:29 a.m. | 2 views

Malicious code in fake-usreagant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef713dc551a4b2eb9b0c94b270f4c214aa90e688076e15bb263b3bb5f3b8484b Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains ...

7.1 AI score
Exploits 0 | References 1
ATTACKERKB
added 2022/03/29 12:15 p.m. | 3 views

CVE-2022-23903

A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think =5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent...

5.4 CVSS | 6.2 AI score | 0.00206 EPSS
Exploits 1 | References 2
Prion
added 2022/03/29 12:15 p.m. | 9 views

Cross site scripting

A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think =5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent...

3.5 CVSS | 5.2 AI score | 0.00206 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2020/08/10 6:15 p.m. | 0 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

6.5 CVSS | 7.1 AI score | 0.00488 EPSS
Exploits 0 | References 6
NVD
added 2020/08/10 6:15 p.m. | 11 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

6.5 CVSS | 6.4 AI score | 0.00488 EPSS
Exploits 0 | References 6
0day.today
added 2019/12/04 12:0 a.m. | 1012 views

SSDWLAB 6.1 - Authentication #Bypass Vulnerability

Exploit for asp platform in category web applications Exploit Title: SSDWLAB 6.1 - Authentication Bypass Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the...

0.4 AI score
Exploits 0
Packet Storm
added 2019/12/04 12:0 a.m. | 225 views

SSDWLAB 6.1 Authentication Bypass

Exploit Title: SSDWLAB 6.1 - Authentication Bypass Date: 2019-10-01 Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the EditUserPassword function, it is possibl...

0.7 AI score
Exploits 0
Huawei
added 2017/07/12 12:0 a.m. | 30 views

Security Advisory - Privilege Escalation Vulnerability in Push Module of Huawei Smart Phone

There is a privilege escalation vulnerability in Push module of Huawei Smart Phone. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. Vulnerability ID: HWPSIRT-2017-05070...

7.1 CVSS | 7 AI score | 0.00036 EPSS
Exploits 0 | Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m. | 30 views

OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)

No description provided by source. !/bin/sh OpenSSH = 3.6.p1 - User Identification. Nicolas Couture - [email protected] Description: -Tells you whether or not a user exists on a distant server running OpenSSH. Usage: -You NEED to have the host's public key before executing this script...

6.7 AI score
Exploits 0
Packet Storm
added 2008/10/27 12:0 a.m. | 32 views

vicftp-dos.txt

include include include define z00roa memseta,0,sizeofa; //greetings : SiD.psycho //Smallest greetings : Gorion - lofamy cIem We want be like y0U : unsigned int setportconst char port ifatoiport==0 || atoiport0 return 21; return atoiport; int mainint argc,char argv...

7.4 AI score
Exploits 0
exploitpack
added 2004/07/02 12:0 a.m. | 11 views

Easy Chat Server 1.x - Multiple Denial of Service Vulnerabilities

Easy Chat Server 1.x - Multiple Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/10649/info It is reported that Easy Chat Server is susceptible to multiple denial of service vulnerabilities. The chat software is implemented as a web server serving a chat web application...

0.3 AI score
Exploits 0