93 matches found
CVE-2017-20264
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_sponsorwall&task=click&wallid...
CVE-2017-20264
Summary: CVE-2017-20264 affects Joomla! Component Sponsor Wall 8.0. An SQL injection vulnerability exists in the wallid parameter via GET requests to index.php with option=com_sponsorwall&task=click&wallid, allowing unauthenticated attackers to execute arbitrary SQL and potentially exfiltrate cre...
EUVD-2017-18991
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_sponsorwall&task=click&wallid...
CVE-2017-20264 Joomla! Component Sponsor Wall 8.0 SQL Injection
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_sponsorwall&task=click&wallid...
CVE-2025-57823
A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...
CVE-2025-57823
CVE-2025-57823 affects Fortinet FortiAuthenticator 6.3–6.6.x (including 6.3, 6.4, 6.5, 6.6.0–6.6.6). It is a direct request (forced browsing) vulnerability that an authenticated user with sponsor permissions can use to read and download device logs by accessing specific endpoints. Impact is limit...
EUVD-2025-202275
A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...
PT-2025-50117
Name of the Vulnerable Software and Affected Versions: Fortinet FortiAuthenticator versions 6.3 through 6.6.6; Fortinet FortiAuthenticator version 6.5; Fortinet FortiAuthenticator version 6.4; Fortinet FortiAuthenticator version 6.6.0 through 6.6.6. Description: An authenticated attacker with sponsor...
EUVD-2013-4330
Malware in sbrugna...
EUVD-2010-4245
Malware in sbrugna...
EUVD-2014-7864
Malware in sbrugna...
CVE-2013-2269
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in...
WordPress HT Event plugin <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor vulnerability
Authenticated Contributor+ Sensitive Information Exposure via HT Event: Sponsor vulnerability discovered by Ankit Patel in WordPress Plugin HT Event versions <= 1.4.7...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller
CVE-2023-4966 An Exploitation script developed to exploit the...
M-02 Unmitigated
Lines of code. Vulnerability details. Mitigation of M-02: Issue not mitigated. Link to Issue: code-423n4/2023-09-asymmetry-findings54. Comments: The sponsor has acknowledged the issue but decided to not mitigate it. Acknowledged and did not fix, plan to upgrade a fix in the future
Attacks, Vulnerabilities and Actors 11 September to 17 September 2023
Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of eight attacks were executed, along with eleven vulnerabilities discovered, and two different adversaries...