Lucene search

9 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-12636

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.00267 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 5:20 a.m., 4 views

CVE-2019-15083

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator...

6.1 CVSS | 6.3 AI score | 0.01902 EPSS
Exploits: 3 | References: 1
OSV
added 2025/03/04 8:51 a.m., 1 views

MAL-2025-2141 Malicious code in webauthn-codelab (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1db4dcddcb204fd78a848e02724ef26a5bac5da98f78246a3a90084b790868b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1
Prion
added 2023/09/05 11:15 p.m., 23 views

Path traversal

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

4.3 CVSS | 7.8 AI score | 0.00037 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/03/16 7:13 p.m., 14 views

CVE-2023-0598 GE Digital Proficy Code Injection

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...

7.8 CVSS | 9.8 AI score | 0.00267 EPSS
Exploits: 0 | References: 2
NVD
added 2020/05/14 2:15 p.m., 20 views

CVE-2019-15083

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator...

6.1 CVSS | 6.2 AI score | 0.01902 EPSS
Exploits: 3 | References: 4
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Visible Systems Razor 4.1 Password File Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1424/info The Razor Configuration Management program stores passwords in an insecure manner. A local attacker can obtain the Razor passwords, and either seize control of the software and relevant databases or use those...

7.1 AI score
Exploits: 0
seebug.org
added 2011/04/08 12:0 a.m., 46 views

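Ruby on Rails Security Restriction Bypass and SQL Injection Vulnerabilities

BUGTRAQ ID: 46292 CVE ID: CVE-2011-0448,CVE-2011-0449 Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in the Ruby language and developed strictly according to the MVC structure. The Ruby on Rails implementation contains security restriction bypass and SQL injection vulnerabilities. An attacker can exploit the security restriction bypass vulnerability to bypass certain security restrictions and perform unauthorized operations, and can exploit the SQL injection vulnerability to modify SQL requests, take full control of the affected software, retrieve information, or modify data. Ruby on Rails Ruby on Rails 3.x Vendor patch: Ruby on Rails -------------...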

7.5 CVSS | 0.1 AI score | 0.00689 EPSS
Exploits: 1
NVD
added 2009/07/14 2:30 p.m., 11 views

CVE-2008-6859

Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value...

7.5 CVSS | 7.2 AI score | 0.00494 EPSS
Exploits: 1 | References: 4