19 matches found
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data...
EUVD-2017-5683
Malware in sbrugna...
CVE-2024-10585
CVE-2024-10585 affects the InfiniteWP Client plugin for WordPress. The vulnerability is a path traversal issue in all versions up to and including 1.13.0, exploitable via the historyID parameter of the “~/debug-chart/index.php” file, enabling unauthenticated reading of arbitrary .txt files outsid...
XenMobile: Supported File Formats with Quick Edit
Questions and Answers: Which file formats are supported within Quick Edit? QuickEdit supports the following types of files: Microsoft Word – .doc and .docx; Microsoft Excel – .xls and .xlsx; Microsoft PowerPoint – .ppt and .pptx; PDF; TXT and RTF (iOS only); CSV (iOS only); GIF, JPEG, BMP, and PNG. These...
Microsoft SharePoint Cross Site Scripting Vulnerability
This host is running Microsoft SharePoint Server and is prone to Cross Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmssharepointxssvuln.nasl 5323 2017-02-17 08:49:23Z teissa $ Microsoft SharePoint Cross Site Scripting Vulnerability Authors: Antu Sanadi Copyright: Copyright c 20...
Microsoft SharePoint <= 12.0.0.6421 XSS Vulnerability
Microsoft SharePoint Server is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only nb: While onl...
Cross site scripting
layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and...
CVE-2010-0716
layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and...
Cross-Site Scripting vulnerabilities in Invision Power Board
Hello 3APA3A! I want to warn you about new vulnerabilities in Invision Power Board. These are Cross-Site Scripting vulnerabilities. Attack is going via attachment at click on the attachment in the post at forum or on the link to this attachment. These are persistent XSS vulnerabilities. I know fo...
Directory traversal
Directory traversal vulnerability in RTEfilebrowser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\ in the sub parameter...
CVE-2008-0480
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\ in the sub parameter to (1) RTEfilebrowser.asp or (2) filebrowser.asp...
Directory traversal
Directory traversal vulnerability in RTEfilebrowser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\ in the sub parameter in a save action...
CVE-2008-0479
Directory traversal vulnerability in RTEfilebrowser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\ in the sub parameter...
Directory traversal
Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters...
Improper access control
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...
CVE-2006-0843
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...
Directory traversal
Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter...
CVE-2006-0371
CVE-2006-0371 concerns RCBlog 1.03 (PHP) where index.php accepts a post parameter that is not properly sanitized, enabling a directory traversal attack. An attacker can use a .. in the post parameter to read arbitrary .txt files on the remote host, potentially exposing sensitive data such as the ...
PT-2006-1442 · Rcblog · Rcblog
Name of the Vulnerable Software and Affected Versions: RCBlog version 1.03. Description: A directory traversal issue exists, allowing remote attackers to read arbitrary .txt files by using a .. (dot dot) in the post parameter of the index.php file. This could potentially include accessing a file tha...