EUVD-2008-1269

Malware in sbrugna...

EUVD-2022-28462

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-6625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not...

USN-6554-1 gnome-control-center vulnerability

Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation...

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

Nagios XI 5.7.x Remote Code Execution

Exploit Title: Nagios XI 5.7.X - Remote Code Exection RCE Authenticated Date: 19/12/2020 Exploit Author: Haboob Team https://haboob.sa Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios XI 5.7.x Tested on: Ubuntu 18.04 / PHP 7.2.24 & Vendor's custom VM CVE: CVE-2020-35578...

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-54004)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Versions prior to Mozilla Firefox 80 and versions prior to Android-based Firefox 80 are vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain the login status of ...

Code injection

When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...

CVE-2014-3656

JBoss KeyCloak: XSS in login-status-iframe.html...

FreeBSD : typo3 -- multiple vulnerabilities (bab29816-ff93-11e8-b05b-00e04c1ea73d)

Typo3 core team reports : CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...

Cross-Site Scripting in Frontend User Login

Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile...

DEBIAN-CVE-2016-6625

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...

Random number generator and input name linebreaks can be used to send custom data to other sites

Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the...

CVE-2008-1261

The Zyxel P-2602HW-D1A router with 3.40AJZ.1 firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the gamename parameter in tellafriend.php, 2 the loginstatus parameter in loginbox.php, 3 the submissionstatus parameter in index.php, the 4...