EUVD-2021-20885
Malware in sbrugna...
X2000R URL Address Parameter Cross-Site Scripting Vulnerability at Gion Electronics (Shenzhen) Co.
The X2000R is a wireless router from China's Gion Electronics TOTOLINK. Ltd. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...
CVE-2021-34223
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...
BIT-GRAFANA-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
The vulnerability of the ChangePasswordAction function in the Active Directory management software Zoho ManageEngine ADManager Plus, related to errors in processing the invoked URL address, allows a malicious actor to execute arbitrary code.
The vulnerability of the ChangePasswordAction function in the Zoho ManageEngine ADManager Plus software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
Design/Logic Flaw
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...
CVE-2022-26148
A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in apijsonrpc.php to...
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
CVE-2021-40835
A URL address bar spoofing vulnerability was discovered in Safe Browser for iOS. When a user clicks on a specially crafted malicious URL, if the user does not pay careful attention to the URL, the user may be tricked into thinking the content comes from a valid domain while it comes from another. This is...
CVE-2021-40835
CVE-2021-40835 affects F-Secure Safe Browser for iOS. The issue is a URL address bar spoofing vulnerability where a specially crafted URL with an extremely long username part can mislead users into thinking content comes from a valid domain. The described root cause is that the username portion ...
Cross site scripting
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...
CVE-2007-4225
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion...
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
WebDrive 12.2 B4172 - Buffer Overflow PoC; Document Title: WebDrive 12.2 B4172 - Buffer Overflow Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1500 ; Release Date: 2015-06-01; Vulnerability Laboratory ID (VL-ID):...
WebDrive 12.2 Buffer Overflow
Document Title: WebDrive 12.2 B4172 - Buffer Overflow Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1500 ; Release Date: 2015-06-01; Vulnerability Laboratory ID (VL-ID): 1500...
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability
Document Title: WebDrive 12.2 B4172 - Buffer Overflow Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1500 ; Release Date: 2015-06-01; Vulnerability Laboratory ID (VL-ID): 1500...
ddrLPD 1.0 - Remote Denial of Service
source: https://www.securityfocus.com/bid/39904/info ddrLPD is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. ddrLPD 1.0 is vulnerable; other versions may also be affected...
Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)
Description: The vulnerability affects Kaspersky Internet Security 2010 9.0.0.459 antivirus and its brother, the Kaspersky Antivirus 2010 9.0.0.463 version. The exploit was discovered on August 18th 2009. The problem with these two antivirus versions appears when parsing a URL address...
Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux)
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbthunderbirdmultvulnmar09lin.nasl 4892 2016-12-30 15:39:07Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities Mar-09 Linux Authors: Sharath S Copyright: Copyright (c) 2009...
Mozilla Seamonkey Multiple Vulnerabilities (Mar 2009) - Windows
Mozilla Seamonkey browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...