21 matches found
CVE-2025-27853
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...
EUVD-2017-15861
Malware in sbrugna...
Vastgota-data ProVide Cross-Site Scripting Vulnerability
Vastgota-data ProVide is a file transfer server with a graphical user interface from the Swedish company Vastgota-data. A cross-site scripting vulnerability exists in Vastgota-data ProVide now Farsight Tech Nordic AB ProVide version 14.5, which can be exploited by an attacker to inject malicious...
SQL injection vulnerability in in***.php page of Hefei Seven Gang Network Technology Co.
Ltd. is mainly engaged in website construction product development and services. The in.php page of the Hefei Seven Help Network Technology Co., Ltd. website building system has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...
Cross-site Scripting (XSS)
Foreman is vulnerable to cross-site scripting attacks. A remote unauthenticated attacker could exploit the Facts Submission component by injecting arbitrary HTML and script code into the web site, which would alter its appearance and make it possible to initiate further attacks against site visitors...
SQL Injection Vulnerability in Internet World Wide Web Site Building System
Ltd. is engaged in the website construction business; "Interconnection of the World Wide Web" is the company's Internet service brand, a website committed to Internet technology services. There is a SQL injection vulnerability in the website construction system of Interlink. The...
Code injection
IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
CVE-2016-3375
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...
CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Iberia Medeiros Vulnerability Details:...
CVE-2015-0127
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted...
PHPX 3.x admin/news.php CSRF Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...
Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16002/info Beehive Forum is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
360 web site security detection score may be forgery vulnerability-vulnerability warning-the black bar safety net
Detailed description: Testing Server site when the administrator to view the log, access to the ip, the seal off can. in. Vulnerability proof: I sealed the ip section is: deny 218.30.117.0/24; deny 182.118.33.0/24; deny 123.125.160.0/24; ! Repair solutions: I would also like to see this produc...
Scammers Hop On Social Media Darling Pinterest
If the folks behind the photo sharing Web site Pinterest were looking for some validation that their fledgling social media site had “arrived,” they got it this weekend, after scammers jumped on the site and used it to direct Pinterest users to survey scam Web sites. Trend Micro researchers...
RunCMS XSS Vulnerability via User Agent
Title: RunCMS XSS Vulnerability via User Agent Vendor: RunCMS Product: RunCMS Tested Version: 2.1 Threat Class: XSS Severity: Medium Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== RunCMS is prone to a XSS vulnerability by mangling the user-agent field on a http...
GMail, GTalk phishing scam underway
Attention GMail and GTalk users: There’s a major spam run underway with social engineering lures to steal your login credentials. This image shows a GMail message that purports to be an account termination warning from Google but, if a user is tricked into clicking on the link, he/she is redirect...
Integrity Clientless Security (ICS) Update 3.7.223.0
Check Point Integrity Clientless Security ICS protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, a...
Scripts can overwrite functions on pages from other domains
When accessing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...
Sambar Server 5.x/6.0/6.1 - Server Referer Cross-Site Scripting
source: https://www.securityfocus.com/bid/13722/info Sambar Server administrative interface does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed...
phpWebSite 0.10.0 Full Path disclosure
/ -------------------------------------------------------- Neo Security Team NST® wWw.SoSvulnerable.NeT ® -------------------------------------------------------- Program: phpWebSite 0.10.0 Homepage: http://phpwebsite.appstate.edu Vulnerable Versions: All Risk: High!! Impact: Full Path disclosure...