14 matches found
PT-2025-52368
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...
CVE-2025-8432 CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring MBI modules allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15...
CVE-2025-8432
Centreon CVE-2025-8432 affects Centreon Infra Monitoring (MBI modules). Affected versions have incorrect default permissions that allow embedding scripts within scripts via the CentreonBI user account on the MBI server, potentially compromising confidentiality, integrity, and availability. Affect...
PT-2025-43928
Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 23.10.0 through 23.10.15 Centreon Infra Monitoring versions 24.04.0 through 24.04.9 Centreon Infra Monitoring versions 24.10.0 through 24.10.6 Description A flaw exists in Centreon Infra Monitoring MBI module...
Centreon Security Vulnerability
Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon that stems from improperly set default permissions, which could lead ...
EUVD-2018-1476
Malware in sbrugna...
EUVD-2024-16728
Malicious code in bioql PyPI...
CVE-2024-0949
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
CVE-2018-0665
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
CVE-2018-0666
CVE-2018-0666 applies to Yamaha devices (RT57i <=8.00.95, RT58i <=9.01.51, NVR500 <=11.00.36, RTX810
CVE-2018-0665
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
Captaris Infinite WebMail 3.61.5 - HTML Injection
source: https://www.securityfocus.com/bid/6411/info An HTML injection vulnerability has been discovered in Captaris Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible for an attacker to embed malicious script code into HTML email messages. This may allow an attacke...
SunShop Shopping Cart 1.5/2.x - User-Embedded Scripting
source: https://www.securityfocus.com/bid/4506/info SunShop is commercial web store software. It is written in PHP, and will run on most Unix and Linux operating systems as well as Microsoft Windows. SunShop allows attackers to embed arbitrary script code into form fields. This may enable a remot...
guninski-53.txt
Georgi Guninski security advisory 53, 2002 More Office XP problems Systems affected: Office XP Risk: High Date: 31 March 2002 Legal Notice: This Advisory is Copyright c 2002 Georgi Guninski. You may distribute it unmodified. You may not modify it and distribute it or distribute parts of it withou...