19 matches found
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability
A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...
CVE-2016-10797
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains SEC-133...
CVE-2018-25117
VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...
CVE-2018-25117
CVE-2018-25117 concerns VestaCP Debian Installer maldocs. From 2018-05-31 to 2018-06-13, the installer was tainted with embedded malicious code causing a supply-chain compromise. New installations from compromised installers since May 2018 installed Linux/ChachaDDoS, a multi-stage DDoS bot that u...
CVE-2020-15051
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields...
CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server
Static Web Server (SWS) is a tiny and fast production-ready web server suitable for serving static web files or assets. In affected versions, if directory listings are enabled for a directory that an untrusted user has upload privileges for, a file name that embeds HTML markup (ending in .txt, for instance) will allow JavaScript code...
Static Web Server security vulnerability
Static Web Server (SWS) is a static web server. Versions 2.28.0 and earlier contain a vulnerability that allows an attacker to upload a malicious filename to execute JavaScript code in the we...
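The two Static Web Server entries above describe the same defect: a file name is written into the directory-listing HTML without encoding, so markup inside the name is rendered. The following is an added illustration written for this page, not code from the Static Web Server project. It renders a listing the vulnerable way (direct interpolation) and the hardened way (HTML-escaping the link text and percent-encoding the href) over constructed sample file names; the directory URL and file names are made up for the example.

```python
import html
from urllib.parse import quote

# Constructed sample directory contents: a benign name, a name carrying an
# HTML payload of the kind the advisory describes, and a name with quote and
# ampersand characters that must also survive encoding.
SAMPLE_ENTRIES = [
    "index.txt",
    "<img src=x onerror=alert(1)>.txt",
    'report "q1" & notes.pdf',
]


def render_listing_vulnerable(dir_url: str, names: list[str]) -> str:
    """Splices each file name straight into the HTML.

    Whatever markup the uploader put in the name is emitted verbatim, so the
    browser parses it as part of the page (stored XSS in the listing)."""
    rows = "".join(f'<li><a href="{dir_url}{name}">{name}</a></li>' for name in names)
    return f"<ul>{rows}</ul>"


def render_listing_hardened(dir_url: str, names: list[str]) -> str:
    """Encodes the name separately for each context it lands in.

    The link text and attribute value get html.escape() (neutralises < > & " ');
    the href path segment gets percent-encoding via quote() with safe="" so that
    '/', '?' or '#' in a name cannot change where the link points. The escaped
    href is then attribute-escaped as well, in case the directory URL itself
    contains a quote character."""
    rows = []
    for name in names:
        href = html.escape(dir_url + quote(name, safe=""), quote=True)
        text = html.escape(name, quote=True)
        rows.append(f'<li><a href="{href}">{text}</a></li>')
    return "<ul>" + "".join(rows) + "</ul>"


def contains_raw_tag(rendered: str, tag: str = "<img") -> bool:
    """Cheap check used to compare the two renderers: does a raw tag survive?"""
    return tag in rendered


if __name__ == "__main__":
    for fn in (render_listing_vulnerable, render_listing_hardened):
        out = fn("/uploads/", SAMPLE_ENTRIES)
        print(fn.__name__, "raw <img present:", contains_raw_tag(out))
        print(out)
```

Note that the fix is contextual encoding at output time, not filtering of file names at upload time: a server that serves arbitrary uploads cannot know which names are "bad", but it always knows which HTML context it is writing into.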
dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
.NET and Visual Studio Information Disclosure Vulnerability...
CVE-2020-13159
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclientmac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818...
CVE-2020-13159
CVE-2020-13159 concerns Artica Proxy, before 4.30.000000 Community Edition, allowing OS command injection via user-controllable fields: Netbios name, Server domain name, dhclient_mac, Hostname, or Alias. The issue stems from constructing OS commands from unfiltered input, enabling remote code exe...
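The Artica Proxy command-injection entries above share one root cause: form fields such as the hostname, server domain name or dhclient MAC are concatenated into an OS command string. The following added example (written for this page; it is not Artica's code, and the `hostnamectl` invocation and the field values are constructed for illustration) shows the vulnerable string-building pattern next to a hardened version that allowlist-validates the field and passes it as a single argv element with no shell involved.

```python
import re
import subprocess

# Constructed sample field values, as an operator or an attacker might submit
# them through the web form. The injected values use ';' and '$(...)', two of
# the shell constructs that a command built by string concatenation honours.
SAMPLE_FIELDS = {
    "good_hostname": "proxy-01.example.com",
    "bad_hostname": "proxy-01.example.com; id > /tmp/pwned",
    "bad_hostname_subst": "$(id).example.com",
    "good_mac": "00:11:22:aa:bb:cc",
    "bad_mac": "00:11:22:aa:bb:cc`id`",
}

# RFC 1123 host name: labels of letters, digits and hyphens (no leading or
# trailing hyphen), at most 63 chars each, 253 chars overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$",
    re.IGNORECASE,
)
# Colon-separated 48-bit MAC address, the only shape a dhclient MAC field needs.
_MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.IGNORECASE)


def is_valid_hostname(value: str) -> bool:
    return bool(_HOSTNAME_RE.match(value))


def is_valid_mac(value: str) -> bool:
    return bool(_MAC_RE.match(value))


def build_command_vulnerable(hostname: str) -> str:
    """The pattern the advisories describe: the field is spliced into a shell
    command string. Any metacharacter in it is interpreted by /bin/sh when the
    string is later run with shell=True (or via system()/exec() in PHP)."""
    return f"hostnamectl set-hostname {hostname}"


def build_command_hardened(hostname: str) -> list[str]:
    """Reject anything that is not a plausible host name, then return argv as a
    list. Passed to subprocess.run() without shell=True, the value reaches the
    program as one argument and no shell ever parses it."""
    if not is_valid_hostname(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return ["hostnamectl", "set-hostname", hostname]


def run_hardened(hostname: str) -> subprocess.CompletedProcess:
    # shell=False is the default for a list argv; kept explicit for the reader.
    return subprocess.run(build_command_hardened(hostname), shell=False,
                          check=True, capture_output=True)


if __name__ == "__main__":
    print("vulnerable string:", build_command_vulnerable(SAMPLE_FIELDS["bad_hostname"]))
    print("hardened argv:   ", build_command_hardened(SAMPLE_FIELDS["good_hostname"]))
    for key in ("bad_hostname", "bad_hostname_subst"):
        try:
            build_command_hardened(SAMPLE_FIELDS[key])
        except ValueError as exc:
            print("rejected:", exc)
```

Validation and argv passing are complementary, not alternatives: the allowlist stops garbage from reaching the system even when the downstream program is itself careless, and the argv form means a value that slips through the allowlist still cannot start a second command.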
Sphinx Malware Returns to Riddle U.S. Targets, with Modifications
The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with ...
Graftor - But I Never Asked for This…
This post is authored by Holger Unterbrink and Matthew Molyett. Overview: Free software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting somethi...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...
Discuz! SODB-2008-13 EXP published - vulnerability warning - Black Bar Safety Net
#!/usr/bin/php <?php /* Discuz! 6.x/7.x SODB-2008-13 Exp By www.80vul.com. Notes: set the variables below to your own values */ $host = 'www.80vul.com'; // Server domain or IP $path = '/discuz/'; // Path where the program is installed $key = 0; // Once the variables above are edited, the value...