Malicious Package

Overview apache-slingapiclient is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

Malicious Package

Overview language-mixer is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using language-mix...

Malicious Package

Overview apibancaclient is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using apibancaclie...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-24061)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-24057)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

Microsoft SharePoint Spoofing Vulnerability (CNVD-2020-23443)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

Microsoft SharePoint and Project Cross-Site Scripting Vulnerability

Microsoft SharePoint and Microsoft Project are both products of Microsoft Corporation.Microsoft SharePoint is a set of enterprise business collaboration platforms that are used to integrate business information and enable sharing of work and collaboration with others, organizing projects and...

PT-2020-2159 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...

PT-2020-2194 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...

Cross-site Scripting (XSS)

squirrelmail is vulnerable to cross-site scripting XSS. The vulnerability exists as a remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions MIME message that, when opened by a victim, would lead to arbitrary web script execution in the context of...

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists as an integer signedness issue was found in the PHP zip extension. An attacker could use a specially-crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit i...

Remote Code Execution (RCE)

PostgreSQL is vulnerable to remote code execution RCE. Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl, if the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Tcl...

CVE-2018-20677

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

CVE-2020-1984

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...

Hardcoded credentials

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...

CVE-2018-21055

An issue was discovered on Samsung mobile devices with N7.0 Qualcomm models using MSM8996 chipsets software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 September 2018...

CloudBees Jenkins AWSEB Deployment Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

CVE-2018-20676

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...

WP Last Modified Info < 1.6.6 - Authenticated Stored XSS

When saving a new campaign, a user with administrator capabilities can store scripts in the plugin's options. The code can then be executed on every page or post on the website. PoC An administrator can store scripts in the "Custom Message to Display on Posts" text input field. Reason for this wa...

Insufficient URL Validation

LibreOffice is vulnerable to insufficient URL validation, allowing LibreLogo script execution...