EUVD-2024-40876

Malicious code in bioql PyPI...

CVE-2025-58435

Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop...

CVE-2024-48988 Apache StreamPark: SQL injection vulnerability

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package SpringBoot platform and does not involve Maven...

Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting

Advisory ID: HTB23245 Product: Microsoft Dynamics CRM 2013 SP1 Vendor: Microsoft Corporation Vulnerable Versions: 6.1.1.132 DB 6.1.1.132 and probably prior Tested Version: 6.1.1.132 DB 6.1.1.132 Advisory Publication: December 29, 2014 without technical details Vendor Notification: December 29, 20...

NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration

======= Summary ======= Name: Cisco IPSec VPN Implementation Group Name Enumeration Release Date: 22 March 2011 Reference: NGS00014 Discoverer: Gavin Jones Vendor: Cisco Vendor Reference: CSCei51783, CSCtj96108 Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series...

Coppermine 1.5.12 Path Disclosure

Vulnerability ID: HTB22836 Reference: http://www.htbridge.ch/advisory/pathdisclosureincoppermine.html Product: Coppermine Vendor: The Coppermine Dev Team http://coppermine-gallery.net/ Vulnerable Version: 1.5.12 and probably prior versions Vendor Notification: 03 February 2011 Vulnerability Type:...

myEvent version 1.6 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 24 myEvent version 1.6 Multiple Path Disclosure Vulnerabilities Description: myEvent is Dynamic Calendar based Events Management system with admin panel for adding events, edit and delete built using PHP & mySQL. Display today's event and future events links on the...

[myimei]MyBB 1.0.2 XSS attack in search.php

original advisory: http://myimei.com/security/2006-01-14-mybb-102searchphpxss-attackandmore/index.html --------------- —————-Summary—————- Software: MyBB Sowtware’s Web Site: http://mybboard.com Versions: 1.0.2 Class: Remote Status: patched in 1.0.3 Exploit: Available Solution: Available Discover...

Full path disclosure in CaLogic 1.22 and possible in older versions.

Full path disclosure in CaLogic 1.22 and possible in older versions. Language: PHP Project name: CaLogic Risk: Low Home page: http://www.calogic.de Discovered by: GB & Zetha Explotation examples: http://target/calogic122/doclsqlres.php Fatal error: Call to a member function on a non-object in...

Working Resources BadBlue 2.55 - MFCISAPICommand Remote Buffer Overflow (2)

Working Resources BadBlue 2.55 - MFCISAPICommand Remote Buffer Overflow 2 // source: https://www.securityfocus.com/bid/12673/info A remote buffer overflow vulnerability affects Working Resources BadBlue. This issue is due to a failure of the application to securely copy GET request parameters int...

3Com 3CDaemon FTP Unauthorized ""USER"" Remote BoF Exploit

No description provided by source. / Added " on line 86 /str0ke / / 3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow The particularity of this exploit is to exploits a FTP server without the need of any authorization. Homepage: www.3com.com version: 3CDaemon v2.0 rev10 Link:...

NULLhttpd <= 0.5.1 XSS through Bad request

Luigi Auriemma Application: NULLhttpd http://nullhttpd.sourceforge.net/httpd/ Versions: = 0.5.1 Platforms: All supported Win & Unix Bug: Cross site scripting Risk: Low Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3 The Code 4 Fix...

Excel XP xml stylesheet problems

Georgi Guninski security advisory 55, 2002 Excel XP xml stylesheet problems Systems affected: Excel XP Risk: Low user interaction required Date: 24 May 2002 Legal Notice: This Advisory is Copyright c 2002 Georgi Guninski. You may distribute it unmodified. You may not modify it and distribute it o...