20 matches found
EUVD-2013-4178
Malware in sbrugna...
EUVD-2025-24741
Malicious code in bioql PyPI...
CVE-2025-58362
Hono web framework (versions 4.8.0–4.9.5) contains a flaw in the getPath utility (parsing in utils/url.ts) that can cause path confusion when handling certain malformed absolute-form Request-URIs, potentially bypassing proxy-level ACLs (e.g., Nginx location blocks). The root cause is reliance on ...
CVE-2025-30998
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection. This issue affects WP Links Page: from n/a through <= 4.9.6...
WordPress plugin WP Links Page SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP Links...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
WordPress ChatBot Plugin 4.8.6-4.9.6 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot. Type: Plugin. Vulnerable versions: 4.8.6-4.9.6. Fixed in: 4.9.7. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-5606. Patch priority: Low. CVSS severity: Low (5.9). PSID: 5c671cd5cf6e. Credits: Huynh Tien Si. Required...
SUSE CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...
SUSE CVE-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...
phpMyAdmin: Multiple vulnerabilities
Background: phpMyAdmin is a web-based management tool for MySQL databases. Description: Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is n...
OPENSUSE-SU-2020:1675-1 Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues: - phpMyAdmin was updated to 4.9.6 CVE-2020-26934: Fixed an XSS relating to the transformation feature boo1177561. CVE-2020-26935: Fixed an SQL injection in SearchController boo1177562...
Stored Cross-Site Scripting Vulnerability in CatFishCMS V4.9.6
CatfishCMS is an open source content management system (CMS) written in PHP. A stored cross-site scripting vulnerability exists in CatFishCMS V4.9.6. An attacker can insert malicious JS code into a page to obtain user cookies and other information, leading to user hijacking...
DEBIAN-CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...
CVE-2018-18435
KioWare Server
WordPress Arbitrary File Deletion Vulnerability (Jun 2018) - Linux
WordPress is prone to an arbitrary file deletion vulnerability. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...
WordPress Arbitrary File Deletion Vulnerability (Jun 2018) - Windows
WordPress is prone to an arbitrary file deletion vulnerability. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...
DEBIAN-CVE-2017-5547
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page...
Mozilla Firefox and others: Update to Firefox 20.0 release (important)
The Mozilla suite received security and bugfix updates: Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3...
nukeditXSS.txt
Title : Nukedit Login.ASP Cross-Site Scripting Vulnerability Description : Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Software : http://www.nukedit.com/ Author : d3hydr8 Contact : d3hydr8atgmaildotcom Original...
Nukedit CMS <= 4.9.6 Unauthorized Admin Add Exploit
Exploit for unknown platform in category web applications =================================================== Nukedit CMS Kapda HTML PoC For Nukedit Kapda HTML PoC For Nukedit Discovered and coded by 3nitro - farhadkey AT kapda dot ir Change the form's action in source :...