31 matches found
MAL-2026-6075 Malicious code in opt-archetype-check (npm)
Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e. On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...
CVE-2019-25654
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an...
PT-2026-29010
Name of the Vulnerable Software and Affected Versions: Core FTP/SFTP Server version 1.2. Description: Core FTP/SFTP Server version 1.2 contains a buffer overflow issue that allows attackers to disrupt the service by providing a long string in the User domain field. Attackers can insert a malicious...
Core FTP/SFTP Server buffer error vulnerability
Core FTP/SFTP Server is a file transfer server software developed by Core FTP Corporation. Version 1.2 of Core FTP/SFTP Server contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the user domain field, which could allow attackers to cause the service to crash...
Security update for xrdp
This update for xrdp fixes the following issues: CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...
SUSE-SU-2026:0433-1 Security update for xrdp
This update for xrdp fixes the following issues: - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362...
SUSE SLES12 Security Update : xrdp (SUSE-SU-2026:0404-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0404-1 advisory. - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Tenable has extracted the preceding description block...
SUSE-SU-2026:0404-1 Security update for xrdp
This update for xrdp fixes the following issues: - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362...
EUVD-2014-1152
Malware in sbrugna...
EUVD-2023-0289
Malicious code in bioql PyPI...
An authentication flaw in the "Termide Virtual Desktops Connection Manager" server allows unauthorized access to user domain accounts.
The flaw in the "Termide Virtual Desktops Connection Manager" server is an authentication error in its Kerberos-based authentication. Exploiting it can allow a malicious actor to gain unauthorized access to user account credentials...
CVE-2014-10381
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF...
CVE-2025-40630
Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example https://icewarp.domain.com///%2e%2e . This...
FAS - Users from 2-way trusted domain getting "incorrect username or password" on VDA login
Users from the primary domain authenticate without issue. Users from Domain B, which is in a different forest and is trusted via a two-way trust, can authenticate to StoreFront without issue. However, when launching a resource, the CWA eventually loads a small window indicating the t...
PT-2024-22348
Name of the Vulnerable Software and Affected Versions: JupyterHub versions prior to 4.1.0 Description: The issue allows an attacker to achieve an XSS directly affecting a user's session by tricking them into visiting a malicious subdomain. This could lead to full access to the JupyterHub API and...
ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS
Description: The plugin does not escape user metadata before outputting it in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks. As a contributor, put the following payload in a post (the payload will have to be updated accordingly to watch the...
Cross-site Scripting (XSS) - Stored in zikula/core
Description: Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept (PoC.js): 1. Go to https://demo.ziku.la/blocks/admin/block/edit/2 2. Go to Editor and link a test word with a link. As...
CVE-2021-33617
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response to a failed login request is null only when the username is invalid...
Cross-site request forgery (CSRF)
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response to a failed login request is null only when the username is invalid...
WordPress user-domain-whitelist plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. user-domain-whitelist is a plugin that adds a black/white list of users. A cross-site request forgery vulnerability exists in the...