30 matches found
BIT-AUTHENTIK-2025-52553 authentik has Insufficient Session verification for Remote Access Control endpoint access
authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, howev...
EUVD-2006-4606
Malware in sbrugna...
Omise: PII Exposure via Email Confirmation Link – Email Embedded in Token & Leaked via Wayback Machine
The vulnerability involved the exposure of personally identifiable information (PII), specifically email addresses, through an email confirmation link used by Omise. The email address was embedded directly in a token that was visible in the URL. This token was subsequently archived by the Wayback...
CVE-2024-37829
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link...
VulnCheck KEV: CVE-2020-35730
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkrefaddinindex in rcube_string_replacer.php...
git: Crafted URL containing new lines can cause credential leak
A flaw was found in git. Credentials can be leaked through the use of a crafted URL that contains a newline, fooling the credential helper to give information for a different host. Highest threat from the vulnerability is to data confidentiality...
CVE-2019-1029
A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. To...
Skype for Business and Lync Server Denial of Service Vulnerability
A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. To...
WordPress In Link 1.0 SQL Injection Vulnerability
WordPress In Link plugin version 1.0 suffers from a remote SQL injection vulnerability. Vulnerability Type: SQL injection in POST parameter "keyword" Affected plugin: In Link Version: 1.0 Requires WordPress Version: 2.8 or higher Compatible up to: 2.8 URL:...
WordPress In Link 1.0 SQL Injection
Vulnerability Type: SQL injection in POST parameter "keyword" Affected plugin: In Link Version: 1.0 Requires WordPress Version: 2.8 or higher Compatible up to: 2.8 URL: https://wordpress.org/plugins/inlinks/ plugin has been closed after the report...
In-link <= 2.3.4 (ADODB_DIR) Remote File Include Vulnerabilities
No description provided by source. in-link <=2.3.4 adodb-postgres7.inc.php Remote File Inclusion Exploit Critical Level : Dangerous By Saudi Hackrz...
In-Portal In-Link 2.3.4 ADODB_DIR.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19824/info In-portal In-link is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
In-Link SQL Directory Engine SQL Injection
Exploit Title: In-link SQL Directory Engine ALL VERSIONS SQL INJECTION Vulnerabilities Google Dork: intext:In-link SQL Directory Date: 08/09/2011 Author: http://www.in-portal.com/ Software Link: http://www.in-portal.com/modules/directory-management.html Version: ALL Versions Tested on: Windows 7 ...
In-link 2.3.4/5.1.3 RC1 - 'cat' SQL Injection
In-link 2.3.4/5.1.3 RC1 - 'cat' SQL Injection source: https://www.securityfocus.com/bid/49508/info In-link is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
In-link 2.3.4/5.1.3 RC1 - 'cat' SQL Injection
source: https://www.securityfocus.com/bid/49508/info In-link is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
CVE-2006-4618
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter...
CVE-2006-4618
CVE-2006-4618 : PHP remote file inclusion in the ADODB PostgreSQL integration (adodb-postgres7.inc.php) within John Lim ADOdb, potentially affected versions ≤ 4.01, used by Intechnic In-link 2.3.4. An attacker can supply a URL via the ADODB_DIR parameter to execute arbitrary PHP code on the serve...
inlink234.txt
in-link <=2.3.4 adodb-postgres7.inc.php Remote File Inclusion Exploit Critical Level : Dangerous By Saudi Hackrz http://www.in-portal.net/...