21 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0099

Malicious code in bioql PyPI...

CVSS 7 | AI score 7.1 | EPSS 0.00546
Exploits: 1 | References: 10

Tenable Nessus
added 2025/08/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-7341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable...

CVSS 6.1 | AI score 7 | EPSS 0.00262
Exploits: 1 | References: 2

UbuntuCve
added 2019/02/04 7:29 p.m. | 16 views

CVE-2019-7336

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view monitorfilters.php contains takes in input from the user and saves it into the session, and retrieves it later insecurely. The values of the MonitorName and Source parameters are being displayed without any...

CVSS 6.1 | AI score 6.9 | EPSS 0.0024
Exploits: 1 | References: 2

OSV
added 2019/02/04 7:29 p.m. | 0 views

UBUNTU-CVE-2019-7341

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVSS 6.1 | AI score 7.4 | EPSS 0.00262
Exploits: 1 | References: 3

OSV
added 2019/02/04 7:29 p.m. | 1 views

DEBIAN-CVE-2019-7334

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...

CVSS 6.1 | AI score 8.2 | EPSS 0.0024
Exploits: 1 | References: 1

Debian CVE
added 2019/02/04 7:0 p.m. | 17 views

CVE-2019-7336

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view monitorfilters.php contains takes in input from the user and saves it into the session, and retrieves it later insecurely. The values of the MonitorName and Source parameters are being displayed without any...

CVSS 6.1 | AI score 2.2 | EPSS 0.0024
Exploits: 1

AlpineLinux
added 2019/02/04 7:0 p.m. | 32 views

CVE-2019-7336

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view monitorfilters.php contains takes in input from the user and saves it into the session, and retrieves it later insecurely. The values of the MonitorName and Source parameters are being displayed without any...

CVSS 6.1 | AI score 6.2 | EPSS 0.0024
Exploits: 1

CNVD
added 2017/09/15 12:0 a.m. | 1 views

WordPress Membership Simplified SQL Injection Vulnerability (CNVD-2017-33667)

WordPress Membership Simplified is a WordPress-specific membership plugin developed by American software developer William. A SQL injection vulnerability exists in the code of the membership-simplified-for-oap-members-only/updateDB.php file in WordPress Membership Simplified version 1.58, which...

CVSS 9.8 | AI score 8.3 | EPSS 0.0601
Exploits: 1 | References: 1

Positive Technologies
added 2017/03/02 12:0 a.m. | 1 views

PT-2017-17037

Name of the Vulnerable Software and Affected Versions WPO-Foundation WebPageTest version 3.0 Description An issue exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. This allows an attacker to execute arbitrary HTML and script cod...

CVSS 6.1 | AI score 6.8 | EPSS 0.00264
Exploits: 0 | References: 6

appercut
added 2016/07/11 12:0 a.m. | 679 views

Moodle: source code security analysis report

Several vulnerabilities were discovered in Moodle 'Moodle' software: File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Incorrect Newline Symbol Filtration in HTTP-response Headers Using Insufficiently Random Generators in Cryptography HttpOnly Cooki...

AI score 0.5
Exploits: 0 | References: 1 | Affected Software: 1

appercut
added 2016/07/05 12:0 a.m. | 552 views

Hippo CMS: source code security analysis report

Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code Violating the Java Object Model Missing XML document schema validation Using Broken or Risky Cryptographic Algorithm Incorrect Permissions for External Entities During XML Document...

AI score 1
Exploits: 0 | References: 1 | Affected Software: 1

appercut
added 2016/06/14 12:0 a.m. | 499 views

Advanced Module Manager Free extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in Regular Labs 'Advanced Module Manager Free extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating...

AI score 2.2
Exploits: 0 | References: 1 | Affected Software: 1

appercut
added 2016/05/30 12:0 a.m. | 533 views

CMSimple CMS: source code security analysis report

Several vulnerabilities were discovered in CMSimple 'CMSimple CMS' software: File System Path Manipulation Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function Using Global Variables Using Insufficiently Random Generators in Cryptography HttpOnly...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1

appercut
added 2016/05/12 12:0 a.m. | 535 views

JSN PowerAdmin extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in JoomlaShine 'JSN PowerAdmin extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when...

AI score 1.3
Exploits: 0 | References: 1 | Affected Software: 1

appercut
added 2016/05/10 12:0 a.m. | 520 views

Apache Apex: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Apex' software: Using XSL Transformation to Execute Any Code Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources HttpOnly Cookies Incorrect User Input Filtration wh...

AI score 0.5
Exploits: 0 | References: 1 | Affected Software: 1

appercut
added 2016/05/04 12:0 a.m. | 563 views

Drupal CMS: source code security analysis report

Several vulnerabilities were discovered in Drupal Association 'Drupal CMS' software: Incorrect User Input Filtration when Generating Code on the Fly Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Hardcoded Credentials Using Insufficiently Random...

AI score 2.3
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2015/02/03 12:0 a.m. | 33 views

MantisBT < 1.2.19, 1.3.x < 1.3.0-beta.2 Multiple Vulnerabilities

MantisBT is prone to multiple vulnerabilities. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 | AI score 6.3 | EPSS 0.00924
Exploits: 4 | References: 11

htbridge
added 2014/12/29 12:0 a.m. | 32 views

Self-XSS in Microsoft Dynamics CRM 2013 SP1

High-Tech Bridge Security Research Lab discovered a DOM-based self-XSS vulnerability in Microsoft Dynamics CRM 2013 SP1, which can be exploited to perform Cross-Site Scripting attacks against authenticated users. The vulnerability exists due to insufficient filtration of user-supplied input passe...

CVSS 2.6 | AI score 5.9
Exploits: 0 | Affected Software: 1

htbridge
added 2012/12/26 12:0 a.m. | 30 views

Multiple Vulnerabilities in jforum

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in jforum, which can be exploited to perform Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. 1 Multiple Cross-Site scripting XSS vulnerabilities in jforum: CVE-2012-6445 1.1 The vulnerability exists d...

CVSS 5.1 | AI score 6.6
Exploits: 0 | Affected Software: 1

Packet Storm
added 2005/03/22 12:0 a.m. | 26 views

subdreamerSQL.txt

GHC - Subdreamer - ADVISORY
Product: Subdreamer
Version: Subdreamer Light
URL: www.subdreamer.com
VULNERABILITY CLASS: SQL injection
Product Description: "Powered by PHP and MySQL, Subdreamer...

AI score 7.4
Exploits: 0