EUVD-2018-3446

Malware in sbrugna...

Microsoft Word 2016 Multiple RCE Vulnerabilities (KB5002710)

This host is missing an important security update according to Microsoft KB5002710 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Mozilla Firefox Security Advisory (MFSA2016-84) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Oracle Java SE Security Update (oct2021) 03 - Windows

Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication

FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth - Vendor Security Advisory:...

Apache OFBiz XML-RPC Java Deserialization

This module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.01 using the ROME gadget chain. Versions up to 18.12.11 are exploitable utilizing an auth bypass CVE-2023-51467 and use the...

MailDepot 2033 2.3.3022 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2020-037 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2033 2.3.3022 Tested Versions: 2033 2.3.3022 Vulnerability Type: Persistent Cross-site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer...

PyroBatchFTP < 3.19 - Buffer Overflow Exploit

Exploit for windows platform in category dos / poc ============================================= MGC ALERT 2018-001 - Original release date: December 22, 2017 - Last revised: January 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score...

Sync Breeze 10.2.12 - Denial of Service Exploit

Exploit for windows platform in category dos / poc ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...

Sync Breeze 10.2.12 - Denial of Service

============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088 ============================================= I...

WordPress Spider Event Calendar 1.5.51 Blind SQL Injection

============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...

MatrixSSL contains multiple vulnerabilities

Overview MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and unallocated memory free operation vulnerabilities. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-6890The Subject Alt Name field of X.509 certificates is not properly parsed. A specially...

WSO2 SOA Enablement Server XML External Entity Injection

Title: WSO2 SOA Enablement Server - XML External Entity Injection Authors: Pawel Gocyla, Jakub Palaczynski Date: 08. June 2016 Affected Software: ================== WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 Probably other versions are also vulnerable. Vulnerability: XML...

eCardMAX 10.5 - Multiple Vulnerabilities

Exploit for php platform in category web applications eCardMAX 10.5 SQL Injection and XSS Vulnerabilities Software - eCardMAX 10.5 Vendor - eCardMAX.COM - http://www.ecardmax.com/ Vendor Product Description - eCardMax is the most trusted, powerful and dynamic online ecard software solution. It...

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

About Encripto AS ================= Encripto is a Norwegian company which provides specialized services within IT-security. Our core expertise is security testing, network security monitoring and training. Encripto is committed to information security. We do research to discover trends, new...

Moodle 2.7 - Persistent Cross-Site Scripting

Title: Moodle 2.7 Persistent XSS Vendor: https://moodle.org/ Moodle advisory: https://moodle.org/mod/forum/discuss.php?d=264265 Researched by: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Original write-up: http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xs...

QK SMTP <= 3.01 (RCPT TO) Remote Buffer Overflow Exploit

No description provided by source. / . \ \ \ \ | | / | | | | \ / / /\ \ / \ | | \ / | |/ | |/ / \ / \ | / \ // | Y / ^ /\ | //\ \ /| / / || /\ | \ | \ / / / / 25\10\06 / || / / mm. dM8 YMMMb. dMM8 YMMMMb dMMM' YMMMb dMMMP There are doors I have yet to open YMMM MMM' windows I have yet...

CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass

Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras RTSP Authentication Bypass 1. Advisory Information Title: Vivotek IP Cameras RTSP Authentication Bypass Advisory ID: CORE-2013-0704 Advisory URL:...

phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities

Summary phlyMail offers you an interface in the browser to have access to your emails, contacts, appointments, tasks, files and bookmakrs from anyhwere, where you have internet access. This can be your home, workplace, train station, abroad, offroad, in the woods or your own backyard. Description...

Achievo 1.4.2 - Persistent Cross-Site Scripting

Affected Platforms: Any running Achievo Severity: Medium – CVSS: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Vendor Status: New release available Achievo 1.4.3 Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerabilitypolicy.pdf Vulnerability Description: A permanent Cross Site Scriptin...