EUVD-2017-17398
Malware in sbrugna...
EUVD-2002-1429
Malware in sbrugna...
EUVD-2022-5398
Malicious code in bioql PyPI...
CVE-2002-2014
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks...
CVE-2022-46153
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
Code execution vulnerability in multiple Mozilla products (CNVD-2024-37190)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...
WordPress RSVPMaker 9.3.2 SQL Injection
#!/bin/bash # Set the URL of the website running the vulnerable plugin url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php" # Set the number of columns in the query columns=5 response=$(curl -s "$url") query=$(echo "$response" | grep -oP 'FROM . WHERE .') payload="' UNION SELECT...
CVE-2023-45510
tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch operator new vs operator delete error...
CVE-2023-41362
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP...
CVE-2023-23000
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used...
Unspecified Vulnerability in XWiki Platform
XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the French company XWiki. A security error vulnerability exists in XWiki Platform. An attacker can exploit the vulnerability to cause a degradation in database performance...
GHSA-H6C8-RG87-F3PC Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for...
GHSA-RQXG-XVCQ-3V2F Out-of-bounds Write in OpenCV
OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python and OpenCV-Contrib-Python 3.3.0.9 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread...
Privilege escalation
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script...
Input validation
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration txtSendmailPath parameter that allows authenticated attackers to achieve arbitrary command execution...
uWSGI < 2.0.17 - Directory Traversal
Exploit Title: uWSGI PHP Plugin Directory Traversal Date: 01-03-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin before 2.0.17 Tested on: uWSGI 2.0.12...
uWSGI < 2.0.17 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: uWSGI PHP Plugin Directory Traversal Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin...
shopify-scripts: Use after free in mruby-mpdecimal
Running the following ruby script in mruby compiled with ASAN enabled causes a use after free error: x=inspect.tod-0 Output of mruby with ASAN: $ ./ext/enterprisescriptservice/mruby/bin/mruby crash.rb trace: 0 crash.rb:1 1...
WinImage DLL Hijacking
Hi @ll, the executable installer winima90.exe and previous versions available from loads and executes CRTdll.dll, UXTheme.dll, RichEd32.dll and WindowsCodecs.dll from its "application directory". Self-extracting executables created with WinImage load and execute CRTdll.dll, UXTheme.dll and MPR.dl...
ownCloud: apps.owncloud.com: Mixed Active Scripting Issue
I came across an HTTPS security issue: HTTPS security is compromised by loading images from a non-secure source on https://apps.owncloud.com/. Vulnerability Type: Mixed Active Scripting Issue. Description: Mixed Active Content is content that has access to and can affect all or parts of the Document Obje...