1565 matches found
PT-2021-7768 · 3S Smart Software Solutions · Codesys Development System
Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.16 through 3.5.17 Description: An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality. This vulnerability can be triggered by a specially...
Vulnerability found in Microsoft Printer Spooler service
Microsoft has found a vulnerability in the Printer Spooler service. A local malicious person with the ability to execute code under user privileges could potentially exploit it to execute arbitrary code under SYSTEM privileges. It is as yet unknown in which versions of Windows the...
PT-2024-11320 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a possible use-after-free in the Linux kernel's watchdog driver. The driver's remove path calls del_timer, which does not wait until the timer handler finishes,...
PT-2021-3888
Name of the Vulnerable Software and Affected Versions: PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, PM800 affected versions not specified Description: The issue is related to insufficient authentication of executed requests, which could allow a remote attacker to...
PT-2020-4801 · Microsoft · Windows Bind Filter Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Bind Filter Driver affected versions not specified Description: The issue is related to insufficient access control in the Windows Bind Filter driver, which can be exploited to elevate privileges. This could allow an attacker to affec...
PT-2020-20192 · Horde · Horde Groupware Webmail Edition
Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition version 5.2.22 Description: The issue allows injection of arbitrary PHP code via CSV data, leading to remote code execution. Recommendations: For Horde Groupware Webmail Edition version 5.2.22, consider disabli...
CVE-2019-15506
An issue was discovered in Kaseya Virtual System Administrator VSA through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the...
Information disclosure
An issue was discovered in Kaseya Virtual System Administrator VSA through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the...
CVE-2019-15506
Kaseya Virtual System Administrator (VSA) up to 9.4.0.37 contains an information disclosure vulnerability. An unauthenticated attacker can issue properly formatted web requests and download sensitive files and information. The /DATAREPORTS directory (and other directories) can be exploited to har...
PT-2019-12140 · Thinkadmin · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 4.0 Description: The issue concerns the applicationadmincontrollerUser.php file in ThinkAdmin V4.0, where it fails to prevent the continued use of an administrator's cookie-based credentials after a password change. This...
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Unauthenticated + Author: Usman Saeed usman at xc0re.net + Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU · Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect...
PT-2018-16309 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: The issue arises from the insecure extraction of fields from the "shard" table in the SQLite database by the video-core process, leading to a buffer overflow on the stack. This...
PT-2018-1502 · Microsoft · Excel Viewer +2
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Microsoft Excel affected versions not specified Microsoft Excel Viewer affected versions not specified Description: The issue is related to incorrect handling of objects in memory, which can...
login.aliexpress.com Open Redirect vulnerability
Vulnerable URL: https://login.aliexpress.com/xman/xlogout.htm?returnurl=http://f01.s.alicdn.com/kf/HTB1R1OTb7fbuJjSsD4OxiqiFXaB.html Details: Description| Value ---|--- Patched:| No Latest check for patch:| 10.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed...
pokemon.com XSS vulnerability
Vulnerable URL: https://www.pokemon.com/us/play-pokemon/pokemon-events/find-an-event/?city=Providencepp=100name=type=premierdate=365name==%22%3E%3Cscript%3EalertString.fromCharCode88,83,83%3C/script%3E176order=whencode=02905within=250=61+Trask+St.type=tcgobject=0date=0other=1=1 Details:...
autoescolatriangulo.com XSS vulnerability
Vulnerable URL: http://autoescolatriangulo.com/modules/modjoinstagrambox/tmpl/instagrambox.php?username=xss%22%3E%3Csvg/onload=prompt/openbugbounty/%3E=〈=pt-BR=true=true=100%=350pxℑ=medium=285989=F8F8F8=FFFFFF==260796206.0efbe26.89a76a9668934089a2d00d928486fd26 Details: Description| Value ---|---...
planenluxury.com XSS vulnerability
Vulnerable URL: http://www.planenluxury.com/es/%22+%3E%3C%252Fsvg%3E%3C%252F|%3E%3Csvg%252Fonload=prompt2%3E/7/0-0-g-p-0/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 19.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / N...
remaxlife.com.mx XSS vulnerability
Vulnerable URL: http://remaxlife.com.mx/es/%22+%3E%3C%252Fsvg%3E%3C%252F|%3E%3Csvg%252Fonload=prompt2%3E/7/0-0-g-p-0/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 19.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2127753 VIP...
koreascience.or.kr XSS vulnerability
Vulnerable URL: http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=DJTJBT2014v12n181%22%3E%3Csvg%2Fonload%3Dalert%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclos...