17 matches found
Astra Linux - vulnerability in firefox, thunderbird
Under certain circumstances, asynchronous functions could cause a navigation failure while exposing the target URL. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Google Chrome security vulnerability
Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from an integer overflow vulnerability that stems from the program failing to properly check for integ...
CVE-2022-49053
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF. tcmu_try_get_data_page looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page returns, the returned page may have been...
PT-2024-36018 · Winnmp · Winnmp
Name of the Vulnerable Software and Affected Versions: WinNMP version 19.02 Description: A vulnerability has been discovered that allows for an XSS attack via the /tools/redis.php page, specifically in the k, hash, key, and p parameters. This could enable a remote user to submit a specially craft...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An information disclosure vulnerability exists in the Linux kernel. The vulnerability is caused due to data corruption associated with the addition of srcoff when deleting a...
CVE-2022-29547
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised or blocked user being able to edit a page...
Invicti Acunetix security vulnerability
Invicti Acunetix is an application security testing tool from Invicti Corporation, USA, designed to help small and medium-sized organizations around the world take control of their network security. Invicti Acunetix has a security vulnerability that allows CSV injection by adding a description...
SQL injection vulnerability in ar***.php page of Xiamen Eltong Network Technology Co., Ltd.
Xiamen Eltong Network Technology Co., Ltd. is the authorized general agent of Baidu in Xiamen, Zhangzhou, Quanzhou, Longyan, Huizhou, Shantou, Shanwei, Chaozhou and Meizhou. The ar.php page of the Xiamen Eltong Network Technology Co., Ltd. building system has a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive...
SQL injection vulnerability exists in the page /target/lres/special/index.html?special_id=30 of the generic reader education system of Nanjing Oncor Technology Co., Ltd.
Nanjing Oncor Technology Co., Ltd. Esmay Reader Education System is a library reader education system. The system's /target/lres/special/index.html?special_id=30 page has a SQL injection vulnerability. An attacker can remotely exploit the vulnerability to obtain sensitive database information...
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery / Cross-Site Scripting
I would like to disclose a CSRF and stored XSS vulnerability in Kento post view counter plugin version 2.8. The vulnerable fields for XSS are kentopvcnumberslang, kentopvctodaytext, kentopvctotaltext. The combination of CSRF and XSS in this plugin can lead to huge damage of the website, as the two...
Carefully timed reloads, redirects, and navigation can spoof the address field – Opera Security Advisories
The address field should always show the address of the page that is being displayed. Certain types of navigation, combined with reloads and redirects to a slowly-responding target site can cause the address field to show the target site’s address, while the attacking site is still being displaye...
Pages can prevent navigation to a target page, spoofing the address field – Opera Security Advisories
When a user types a new URL for the browser to load, the currently active page may detect when the new page is about to load and prevent the navigation, while still leaving the new URL displayed in the address bar. This can then be used to spoof the URL of the target page. The malicious page woul...
Comfortsuite SQL Injection
Turki$ hackers...
Joomla! Component com_bookflip - 'book_id' SQL Injection
#!/usr/bin/perl -w Joomla com_bookflip book_id Sql injection Author : boom3rang Greetz : H!tm@N - KHG - cHs - LiTTLE-HaCkEr - SpywarrioR - cRu3l.b0y - Lanti-Net - urtan ! BookFlip ! June 2008 ! FCI F-Cimag-In ! This component is distributed free of charge. !...
Joomla com_phocadocumentation (id) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Joomla com_phocadocumentation (id) Remote SQL Injection Exploit. #!/usr/bin/perl -w Joomla com_phocadocumentation Sql...
shahrood-sql.txt
Shahrood ndetail.php id Blind SQL Injection Vulnerability == AuThOr : BazOka-HaCkEr == EmaiL : [email protected] == HomE : www.TrYaG.cc/cc...
communitycms-rfi.txt
Persian Boys Hacking Team -:- 2008 -:- IRAN + - + - discovered by N3TR00T3R at Y! dot com + - communitycms-0.1 Remote File Inclusion + - download: http://sourceforge.net/project/showf...roupid=223968 + - sp tnx : Sp3shial,Veroonic4,GodMasterhacker,areptil,Ciph 3r,shayancmd +...