15 matches found
EUVD-2022-48080
Malicious code in bioql PyPI...
EUVD-2024-16872
Malicious code in bioql PyPI...
EUVD-2022-42733
Malicious code in bioql PyPI...
CVE-2024-10723 Stored XSS in phpipam/phpipam
A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this...
CVE-2024-10723
CVE-2024-10723 describes a stored XSS in phpIPAM 1.5.2 where malicious scripts can be injected into the NAT tool’s destination address field and executed when interacted with. Reported impact includes cookie theft, unauthorized account access, and redirection to malicious sites. The vulnerability...
CVE-2024-1097
A stored cross-site scripting XSS vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate...
CVE-2023-41326
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
LIVEBOX Collaboration vDesk 安全漏洞
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk prior to version v018, which stems from an authorization logic flaw that can be exploited by an attacker to perform a privilege escalation to the administrator role and...
CVE-2022-3348 Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet
Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim...
PT-2022-21782 · Git +1 · Tooljet +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker could steal the account of different users, but in this case, it is more specific because the attacker needs to be an editor in the same app...
Thunder 5 and explosion vulnerability-vulnerability warning-the black bar safety net
According to a reliable tip-off, the thunder 5 and this time how much a word appears serious 0-Day vulnerability, virus authors can exploit the vulnerability to write malicious web pages, when used to browse these pages, you will be infected with the virus, then the virus can theft of user accoun...
phpx324.txt
PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another users account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...
CVE-2002-2384
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service...