33 matches found
EUVD-2011-4986
Malware in sbrugna...
EUVD-2004-0762
Malware in sbrugna...
EUVD-2015-5871
Malware in sbrugna...
EUVD-2000-0559
Malware in sbrugna...
EUVD-2018-1865
Malware in sbrugna...
CVE-2025-36027
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...
CVE-2023-22266 AEM URL Redirection to Untrusted Site Security feature bypass
Experience Manager versions 6.5.15.0 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interactio...
FBI warns of bogus job postings on recruitment sites
Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone’s day. We’re now info February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that its issued an alert. This isn’t your typica...
User Activity Log < 1.4.7 - Reflected Cross-Site Scripting
The plugin does not escape the txtsearch parameter before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=useractionlog&txtsearch=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2FXSS%2F%29%2F%2F...
CVE-2020-0878
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Windows Text Service Module Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is designed to exploit the...
CVE-2020-1569
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Internet Explorer Memory Corruption Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit...
Microsoft Browser Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Symantec Endpoint Encryption Elevation of Privilege Vulnerability
Symantec Endpoint Encryption SEE is a suite of software from Symantec Corporation that provides advanced encryption and management capabilities for desktops, laptops, and removable storage devices. An elevation of privilege vulnerability exists in versions of Symantec SEE prior to 11.2.1 MP1, whi...
Internet Explorer Memory Corruption Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit...
Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Microsoft Internet Explorer Memory Corruption (MS15-094: CVE-2015-2498)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
FengCMS 修复不当导致getshell
简要描述: FengCMS 修复不当导致getshell,属于修复不当,跟其他的没重复了- -,对审核同学造成的不便深感歉意。 详细说明: 之前提交过一次跟 WooYun: FengCMS新版本重装 漏洞重复了。现在重新看一下。发现修复的有问题,而且install目录默认是不会自动删除的,依然可以getshell! header"Content-type:text/html;charset=utf-8"; define"TPLINCLUDE",1; // 定义当前路径 define'ABSPATH',dirnameFILE; define'ROOTPATH',dirnameABSPATH...
FengCMS的CSRF漏洞可导致数据库被dump
简要描述: 重要功能未进行csrf token验证导致可被脱裤 详细说明: 后台管理中的数据备份功能未进行csrf token验证。 攻击者制作内容如下的csrf.php并放到attacker.com下面: 随后将http://attacker.com/csrf.php这个URL发送给受害者(网站管理员)。如果管理员在打开该URL时处于登录状态就会以管理员的身份像目标服务器发送备份数据库的请求: ?controller=dbmanage&operate=save&type=0...