19 matches found
Extreme Management Center 8.4.1.24 - Cross-Site Scripting
Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor
Operation FlutterBridge uses fake Google ads and shell companies to deploy FlutterShell, a new macOS backdoor targeting unsuspecting users...
CVE-2023-28650
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript JS payload in the target’s security context...
Israeli firm leaks database with addresses of millions of Americans
By Waqas Israeli marketing company Straffic has leaked personal sensitive data of millions of unsuspecting users mostly from the US and European countries. This is a post from HackRead.com Read the original post: Israeli firm leaks database with addresses of millions of Americans...
Clearview AI firm with photos of billions of unsuspecting users got HACKED
By Deeba Ahmed Clearview AI has billions of photos of innocent and unsuspecting users - Its entire list of clients was reportedly stolen by unknown hackers. This is a post from HackRead.com Read the original post: Clearview AI firm with photos of billions of unsuspecting users got HACKED...
CVE-2019-13511
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...
CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...
Serendipity < 2.1.1 Multiple Vulnerabilities
According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...
e107 0.7.5 Subject field HTML injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18560/info The e107 CMS is prone to an HTML-injection vulnerability. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site whe...
Hackish 1.1 Blocco.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26167/info Hackish is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execut...
ASPBB 0.5.2 profile.asp get Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18025/info ASPBB is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
phpMyAdmin <= 3.3.0 'db' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35531/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
CcCounter 2.0 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23135/info CcCounter is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Maian Uploader 4.0 - index.php keywords Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in t...
Executable File With Non-Executable File Extension Arbitrary File Execution
Certain malicious executable files can be hidden using arbitrary filename extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
CEScripts (Multiple Scripts) - Cross-Site Scripting
CEScripts Multiple Scripts - Cross-Site Scripting source: https://www.securityfocus.com/bid/18402/info CEScripts scripts are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...
RunCMS 1.x - Bigshow.php Cross-Site Scripting
RunCMS 1.x - Bigshow.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16970/info RunCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML...
AltantForum 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
AltantForum 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15887/info AtlantForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...