14 matches found
EUVD-2003-1298
Malware in sbrugna...
EUVD-2005-0208
Malware in sbrugna...
CVE-2012-4071
Cross-site scripting XSS vulnerability in the comments module in the RSGallery2 comrsgallery2 component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment...
Moodle allows attackers to modify the visibility of a badge
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors...
XML Signature/Encryption Not Validated in Apache CXF
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
Joomla 2.5.x < 3.10.7 / 4.0.x < 4.1.1 Multiple Vulnerabilities (5857-joomla-4-1-1-and-3-10-7-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.10.7 or 4.0.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an...
Joomla 2.5.x < 3.9.14 Multiple Vulnerabilities (5781-joomla-3-9-14)
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.14. It is, therefore, affected by multiple vulnerabilities. - Missing access check in framework files could lead to a path disclosure. CVE-2019-19845 - The lack of validation of...
Stack overflow
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable in liblouis. An attacker could create a malicious file that would cause applications that use liblouis such as Orca to crash, or potentially execute arbitrary code when opened...
Joomla! 2.5.x < 3.8.9 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - Local file inclusion with PHP 5.3 affects Joomla 2.5.0 through 3.8.8 - XSS vulnerability in language switcher module affects Joomla 1.6.0 through 3.8.8 Note that the scanner...
Infinite Automation Mango Automation Arbitrary Command Execution Vulnerability
Infinite Automation Mango Automation is the United States Infinite Automation Systems, Inc. of a set of open source Web-based SCADA data acquisition and supervisory control, HMI and automation software. Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430, has an arbitrary...
Information disclosure
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests...
osCmax 2.5.X Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: osCmax 2.5.X Cross-Site Request Forgery Add Admin Vulnerability + Date: 15-03-2014 + Category: WebApp + Version: 2.5.X + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302 + Vendor: http://www.oscmax.co...
Joomla! 2.5.x < 2.5.14 / 3.x < 3.1.5 .php. File Upload RCE
According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.14 or 3.x prior to 3.1.5. It is, therefore, affected by a remote code execution vulnerability due to a failure by the administrator/components/commedia/helpers/media.php...
Atlassian Crowd XXE Vulnerability (CWD-3366) - Active Check
Atlassian Crowd is prone to an XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...