21 matches found
CVE-2026-10854
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
CVE-2026-10854
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
CVE-2026-10854
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
CVE-2026-10854
CVE-2026-10854 affects MISP: a visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based acce...
CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
EUVD-2026-34257
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
PT-2026-46224
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
EUVD-2008-6224
Malware in sbrugna...
MISP 2.4.171 - Stored XSS Vulnerability
Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307 Authenticated; Exploit Author: Mücahit Çeri; Vendor Homepage: https://www.circl.lu/; Software Link: https://github.com/MISP/MISP; Version: 2.4.171; Tested on: Ubuntu 20.04; CVE: CVE-2023-37307; Exploit: Logged in as low privileged account 1. Click on...
CVE-2020-8893
CVE-2020-8893 affects MISP prior to 2.4.121. The issue is in the Galaxy view (file: app/View/Galaxies/view.ctp) where a search string was not properly sanitized, enabling improper handling of input. Impact is described in the sources as a vulnerability in the Galaxy search functionality; explicit...
galaxies-sf.com XSS vulnerability
Open Bug Bounty ID: OBB-551640; Affected Website: galaxies-sf.com; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
SQL injection
SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter...
CVE-2008-6254
SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter...
CVE-2008-6254
CVE-2008-6254 is a SQL injection vulnerability in the Jadu Galaxies web application, specifically in scripts/documents.php. An attacker can modify the categoryID parameter to execute arbitrary SQL commands on the backend database. This aligns with the NVD entry showing a CVSSv2 base score of 7.5 ...
CVE-2008-6254
SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter...
Jadu Galaxies (categoryID) Blind SQL Injection Vulnerability
No description provided by source. powered by Jadu® Galaxies blind sql inj documents.php categoryID blind sql inj ---------------------------------------------------------- Discovered By: ZoRLu Date: 17.11.2008 Home: www.z0rlu.blogspot.com contact: [email protected] N0T: YALNIZLIK, YiTiRDi...
jadugalaxies-sql.txt
powered by Jadu® Galaxies blind sql inj documents.php categoryID blind sql inj ---------------------------------------------------------- Discovered By: ZoRLu Date: 17.11.2008 Home: www.z0rlu.blogspot.com contact: [email protected] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : my bug number...
Jadu Galaxies (categoryID) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================ Jadu Galaxies categoryID Blind SQL Injection Vulnerability ============================================================ powered by Jadu® Galaxies blind sql inj documents.php...
Jadu Galaxies - categoryId Blind SQL Injection
Jadu Galaxies - categoryId Blind SQL Injection powered by Jadu® Galaxies blind sql inj documents.php categoryID blind sql inj ---------------------------------------------------------- Discovered By: ZoRLu Date: 17.11.2008 Home: www.z0rlu.blogspot.com contact: [email protected] N0T: YALNIZLIK...