18 matches found
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability arises from the PHP backend, which triggers detailed error messages when processing specially crafted HTTP...
CVE-2017-18556
The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues...
EUVD-2017-9643
Malware in sbrugna...
EUVD-2008-4966
Malware in sbrugna...
EUVD-2016-2573
Malware in sbrugna...
EUVD-2021-11394
Malware in sbrugna...
CVE-2021-24610
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...
Cross site scripting
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...
MGASA-2017-0142 Updated webmin packages fix security vulnerability
The webmin package has been updated to version 1.840, which fixes cross-site scripting (XSS) issues, and has other bug fixes and enhancements. See the upstream release announcements and change log for details...
MGASA-2015-0202 Updated wordpress packages fix security vulnerabilities
Updated wordpress packages fix security vulnerabilities: The wordpress package has been updated to version 3.9.6, which fixes multiple cross-site scripting issues, including CVE-2015-3440, and other bugs. Note that upstream has advised us that WordPress 3.9.x is no longer supported. As this...
Adam Webb NukeJokes 1.7/2.0 Module modules.php jokeid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10306/info It has been reported that the NukeJokes module is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input...
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...
vSpin Classified System 2004 - cat.asp?cat SQL Injection
vSpin Classified System 2004 - cat.asp?cat SQL Injection source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently...
php < 4.3.8
The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host if the option memory_limit is set. Another bug in the function strip_tags may allow an...
paFaq10beta4.txt
GulfTech Security Research June 20th, 2005 Vendor : php Arena URL : http://www.phparena.net/pafaq.php Version : paFAQ 1.0 Beta 4 Risk : Multiple Vulnerabilities Description: paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a...
paFileDB <= 3.1 Multiple Vulnerabilities (2)
The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues.
IBM eGatherer/IBM acpRunner ActiveX multiple bugs
Unsafe methods allow disk access and scripting...
IE 5 security vulnerability - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy)
Georgi Guninski security advisory 10, 2000 IE 5 security vulnerability - circumventing Cross-frame security policy using Java/JavaScript and disabling Active Scripting is not that easy Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual...