16 matches found

GithubExploit
added 3 days ago · 49 views

signal-echo-radar

Signal Echo Radar Signal Echo Radar is a static cybersecurity...

5.8 AI score
Exploits: 0
Github Security Blog
added 2026/05/15 6:33 p.m. · 6 views

AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute

Summary Type: Stored cross-site scripting. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class attribute by raw echo, without htmlspecialchars. A canStream user can persist a key containing " plus an event handler via plugin/Live/saveLive.php, and...

5.4 CVSS · 5.3 AI score · 0.00035 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2026/05/15 6:33 p.m. · 2 views

GHSA-M5J4-7R85-2CJ2 AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute

Summary Type: Stored cross-site scripting. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class attribute by raw echo, without htmlspecialchars. A canStream user can persist a key containing " plus an event handler via plugin/Live/saveLive.php, and...

5.4 CVSS · 5.3 AI score · 0.00035 EPSS
Exploits: 0 · References: 2
CVE
added 2026/03/23 1:51 p.m. · 3 views

CVE-2026-33351

CVE-2026-33351 affects WWBN AVideo prior to version 26.0, with a Server-Side Request Forgery (SSRF) in the Live plugin’s standalone deployment using the user-supplied webSiteRootURL to build a server-side request via file_get_contents(). The vulnerability enables unauthenticated SSRF, potentially...

9.1 CVSS · 5.8 AI score · 0.00127 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Fedora
added 2026/02/10 1:34 a.m. · 3 views

[SECURITY] Fedora 43 Update: rust-below-0.9.0-6.fc43

below is an interactive tool to view and record historical system data. It has support for: - information regarding hardware resource utilization - viewing the cgroup hierarchy - cgroup and process information - pressure stall information PSI - record mode to record system data - replay mode to...

7.5 CVSS · 5.5 AI score · 0.0004 EPSS
Exploits: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2010-4787

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00592 EPSS
Exploits: 1 · References: 9
RedhatCVE
added 2025/05/22 12:29 p.m. · 2 views

CVE-2010-4822

core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters...

4.3 CVSS · 7.5 AI score · 0.00592 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/01/14 12:00 a.m. · 2 views

PT-2025-5641 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: Silverstripe affected versions not specified Description: The issue affects sites in the "dev" environment mode, allowing an XSS payload to be executed in the resulting error message when a specifically crafted URL is provided. This is a...

6.3 AI score
Exploits: 0 · References: 5
OSV
added 2024/05/23 7:14 p.m. · 6 views

GHSA-X5W2-WCR8-9Q45 Silverstripe Missing security check on dev/build/defaults

The buildDefaults method on DevelopmentAdmin is missing a permission check. In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that...

6.5 CVSS · 6.9 AI score
Exploits: 0 · References: 6
Fedora
added 2023/05/18 12:50 a.m. · 19 views

[SECURITY] Fedora 37 Update: rust-below-0.6.3-4.fc37

below is an interactive tool to view and record historical system data. It has support for: - information regarding hardware resource utilization - viewing the cgroup hierarchy - cgroup and process information - pressure stall information PSI - record mode to record system data - replay mode to...

7.5 CVSS · 7.7 AI score · 0.00318 EPSS
Exploits: 1
0day.today
added 2020/02/26 12:00 a.m. · 171 views

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

0.1 AI score · 0.00169 EPSS
Exploits: 5
exploitpack
added 2020/02/25 12:00 a.m. · 41 views

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com...

5.5 CVSS · 0.2 AI score · 0.00169 EPSS
Exploits: 5
Exploit DB
added 2020/02/25 12:00 a.m. · 1196 views

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass

Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

8.1 CVSS · 8.1 AI score · 0.00169 EPSS
Exploits: 5
OPENSUSE Linux
added 2019/12/31 12:00 a.m. · 177 views

Security update for spectre-meltdown-checker (moderate)

openSUSE Security Update: Security update for spectre-meltdown-checker Announcement ID: openSUSE-SU-2019:2710-1 Rating: moderate References: 1117665 1139073 Cross-References: CVE-2018-12207 CVE-2019-11135 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...

6.5 CVSS · 7.8 AI score · 0.00319 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2019/12/20 12:00 a.m. · 54 views

SUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3348-1)

This update for spectre-meltdown-checker fixes the following issues : - feat: implement TAA detection CVE-2019-11135 bsc1139073 - feat: implement MCEPSC / iTLB Multihit detection CVE-2018-12207 bsc1117665 - feat: taa: add TSXCTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub...

6.5 CVSS · 7.3 AI score · 0.00319 EPSS
Exploits: 0 · References: 7
Tenable Nessus
added 2010/03/01 12:00 a.m. · 26 views

SilverStripe debug_profile Parameter Information Disclosure

The SilverStripe CMS install hosted on the remote web server is affected by an information disclosure vulnerability because it fails to properly handle the 'debug_profile' parameter of the 'sapphire/main.php' script when running in live mode. An attacker, exploiting this flaw, can gain sensitive...

5 CVSS · 5.6 AI score · 0.00727 EPSS
Exploits: 1 · References: 3