76 matches found
Malicious code in @zalastax/nolb-ngs (npm)
The package @zalastax/nolb-ngs was found to contain malicious code...
MAL-2025-12520 Malicious code in @zalastax/nolb-ngs (npm)
The package @zalastax/nolb-ngs was found to contain malicious code...
CVE-2022-40361
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint...
CVE-2022-40361
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint...
Elite CRM 跨站脚本漏洞
Elite CRM is a customer relationship management system. A cross-site scripting vulnerability exists in Elite CRM v1.2.11, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary code via the langua...
CVE-2022-40361
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint...
CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices
The U.S. Cybersecurity and Infrastructure Security Agency CISA and Food and Drug Administration FDA have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing NGS software. Three of the flaws are rated 10 out of 10 for severity on the Common...
The ‘Perfect Storm’ of Disinformation and Hacking
We live in an age of fake news, misinformation and disinformation. Recently, we have been falling for it – mostly. That is largely thanks to a confluence of social media, hacking and good old fashion disinformation campaigns, according to Matt “Pwn all the Things” Tait, a senior cybersecurity...
ngs-lebach.de Open Redirect vulnerability
Open Bug Bounty ID: OBB-53356 Description| Value ---|--- Affected Website:| ngs-lebach.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton [email protected] Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status...
Nagios XI Network Monitor 2011R1.9 OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status: Published ======== TimeLine...
Websense (Triton 7.6) Authentication Bypass
======= Summary ======= Name: Websense Triton 7.6 Authentication-bypass in report management UI Release Date: 30 April 2012 Reference: NGS00138 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ======== Discovered: 25...
Symantec pcAnywhere Insecure File Permissions / Privilege Escalation
======= Summary ======= Name: Symantec pcAnywhere insecure file permissions local privilege escalation Release Date: 30 April 2012 Reference: NGS00117 Discoverer: Edward Torkington Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT Management Suite 7.0 pcAnywhere...
Websense (Triton 7.6) Stored Cross Site Scripting
======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ======== Discovered: 2 November 2011...
NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI
======= Summary ======= Name: Websense Triton 7.6 Authentication-bypass in report management UI Release Date: 30 April 2012 Reference: NGS00138 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine...
NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation
======= Summary ======= Name: Symantec pcAnywhere insecure file permissions local privilege escalation Release Date: 30 April 2012 Reference: NGS00117 Discoverer: Edward Torkington [email protected] Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT...
NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow
High Risk Vulnerability Oracle Grid Engine 30 April 2012 Edward Torkington of NGS Secure has discovered a High risk vulnerability in Oracle Grid Engine Impact: sgepasswd Buffer Overflow Versions affected: version 62u7 This has been addresses as part of oracle April update:...
NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Session hijacking and bypassing client-side session timeouts Versions affected: All...
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens
High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Reflective XSS allowing an attacker to gain session tokens Versions affected: All versions...
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators
High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Any logged-in user can bypass controls to reset passwords of other administrators If role-bas...