218 matches found
MAL-2022-3435 Malicious code in grabathon-v7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b20bc42c969f96b1d79a146ef18d4b4619bba13d4890a697ac9ad00ea1e332c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6028 Malicious code in service-bus-v7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0430c5da0aed69e8440b355fa123049561313969a9ecc722dd25ee5a82db5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in service-bus-v7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0430c5da0aed69e8440b355fa123049561313969a9ecc722dd25ee5a82db5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in discord.js-selfbot-v7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 285cfcdcbedb764ff3e87b50b041c8a5e05a005039a4802dc24bf53d177764dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Siemens PROFINET Stack Integrated on Interniche Stack Uncontrolled Resource Consumption (CVE-2022-25622)
A vulnerability has been identified in SIMATIC CFU DIQ All versions, SIMATIC CFU PA All versions, SIMATIC S7-1500 CPU family incl. related ET200 CPUs and SIPLUS variants All versions V2.0.0, SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 H V6 C...
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting Vulnerability
Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any post types. The...
Information Disclosure
IBM MQ is vulnerable to information disclosure. The vulnerability exists due to a data leak from an error message within the pre-v7 pubsub logic...
CVE-2020-20943
A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...
CVE-2020-20946
Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...
CVE-2020-20944
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...
CVE-2020-20945
A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...
Design/Logic Flaw
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...
Cross site scripting
Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...
CVE-2020-20946
Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...
CVE-2020-20946
CVE-2020-20946 affects Qibosoft v7 (CMS) with a stored XSS vulnerability in the admin path /admin/index.php?lfj=friendlink&action=add. The root cause is input data not validated in the friendlink/add handler, enabling injected client-side script execution. CVSS metrics indicate a Low to Medium ov...
CVE-2020-20945
A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...
CVE-2020-20944
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...
CVE-2020-20944
Qibosoft v7 is affected by an arbitrary file deletion vulnerability via /admin/index.php?lfj=mysql&action=del. The root cause is the action=del parameter enabling deletion, as described in PT-2021-10556. Impact: potential unauthorized file removal. Remediation: restrict access to the /admin/index...