MAL-2025-35535 Malicious code in test-mlw2-horst-zincs (npm)

The package test-mlw2-horst-zincs was found to contain malicious code...

Malicious code in test-mlw2-horst-zincs (npm)

The package test-mlw2-horst-zincs was found to contain malicious code...

horst-petersen.de Improper Access Control vulnerability OBB-3767077

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

arianhorst.me.uk Cross Site Scripting vulnerability OBB-3365301

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

horst-geuer.de Cross Site Scripting vulnerability OBB-3290467

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

horst--janssen.de Cross Site Scripting vulnerability OBB-3194303

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

horst-guentheroth.com Cross Site Scripting vulnerability OBB-1299113

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (Admin Session) Exploit

Exploit for php platform in category web applications //· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url ||...

horst-gummi.de XSS vulnerability

Open Bug Bounty ID: OBB-561516 Description| Value ---|--- Affected Website:| horst-gummi.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Debian DSA-3417-1 : bouncycastle - security update

Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from...

http-vuln-cve2014-3704 NSE Script

Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions 7.32 of Drupal core are known to be affected. Vulnerability allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. The script injects new Drupal administrator user via login form and the...

Debian Security Advisory DSA 3417-1 (bouncycastle - security update)

Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from...

Drupal 7.0 7.31 - Drupalgeddon SQL Injection (Remote Code Execution)

Drupal 7.0 7.31 - Drupalgeddon SQL Injection Remote Code Execution // and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url =...

Drupal 7.0 &lt; 7.31 - &#039;Drupalgeddon&#039; SQL Injection (Remote Code Execution)

// and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $code|$file'."\n"; die; ...

Drupal 7.0 &lt; 7.31 - &#039;Drupalgeddon&#039; SQL Injection (Admin Session)

//· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url || strpos$url,'https' === False echo "please state the cook...

DSA-3051-1 drupal7 - security update

Bulletin has no description...

BackTrack 5 R2 Released, New Kernel, New Tools

BackTrack 5 R2 Released, New Kernel, New Tools Hacker are your Ready ? Backtrack 5 R2 finally released with bug fixes, upgrades, and the addition of 42 new tools. With the best custom-built 3.2.6 kernel, the best wireless support available at maximum speed. This release have included Metasploit...

php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ================================================================ php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities ================================================================ ?????????? ??????????????? ?????????????????...