EUVD-2018-0130
Malware in sbrugna...
EUVD-2014-4883
Malware in sbrugna...
EUVD-2022-24812
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2012-3648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
Ubuntu: Security Advisory (USN-7279-1)
The remote host is missing an update for the...
JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
Description: The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. Navigate to the site, and paste the following in your browser's console: fetch('/wp-admin/admin-ajax.php', { method: 'POST', headers:...
Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access
The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated user, such as a subscriber, to view draft, private or even password-protected posts. It is also possible to leak the password of...
Chaty < 3.0.3 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
dTabs <= 1.4 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=dtabs.php&action=edit&tab="...
Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin was vulnerable to Stored Cross-Site Scripting (XSS) in the "hotjar script" textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users. Step 1: Install and activate the plugin "Hotjar...
Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature: https://example.com/business/?keyword=%22%3E%3Cimg%20src=x%20onerror=alert/XSS/%3Easd&wyz-loc-filter-txt=&loc-filter-txt=&loc-filter-lat=&loc-filter-lng=&category=&radius=0...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted website...
ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that ActiveX Data Objects ADO handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerabilit...
H2 Database 1.4.196 - Remote Code Execution
Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197 Tested on: macOS/Linux CVE: N/A This takes...
alchemist.vim bundled alchemist-server remote code execution vulnerability
alchemist.vim is a text editor plugin used in Elixir. bundled alchemist-server is one of the servers. A remote code execution vulnerability exists in bundled alchemist-server in alchemist.vim. A remote attacker can exploit this vulnerability to execute arbitrary code with the help of a malicious...
The vulnerability of the Windows operating system, which allows a perpetrator to trigger a service failure or otherwise affect the system.
The vulnerability of the Color Management Module ICM32.dll in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to cause service failures or otherwise affect the system through a specially crafted website...
Microsoft Windows Graphics Component Remote Code Execution (MS17-013: CVE-2017-0108)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Audiojungle Clone Script - SQL Injection
Audiojungle Clone Script - SQL Injection Exploit Title: Audiojungle Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://audiojungleclone.bsetec.com/ Demo: http://www.bsetecdemo.com/audiojungleclone Version: N/A Tested on: Win7 x64,...
NewsBee CMS SQL Injection
Exploit Title: NewsBee CMS a SQL Injection Date: 06.02.2017 Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?srank=2 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...
Vulnerabilities of Microsoft Edge and Internet Explorer browsers, which allow attackers to circumvent existing access restrictions policies
The vulnerabilities of Microsoft Edge and Internet Explorer are caused by an operation that goes beyond the buffer boundaries in memory. Exploiting these vulnerabilities can allow a malicious actor to bypass existing access restrictions by using a specially crafted website...