Directory Traversal
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Directory Traversal via the restorebackup function. An attacker can overwrite arbitrary files outside the intended extraction directory by uploading a specially...
EUVD-2024-0021
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of errors in filters. An attacker can execute arbitrary code in the context of a user's browser by injecting maliciou...
CVE-2025-52558 ChangeDetection.io XSS in watch overview
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered, resulting in a cross-site scripting (XSS) vulnerability. This...
changedetection.io Security Vulnerability
changedetection.io is a website change detection, monitoring and notification application by the individual developer dgtlmoon. A security vulnerability exists in changedetection.io that stems from improper input validation...
PYSEC-2024-15
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...
Design/Logic Flaw
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...
Cross-Site Request Forgery (CSRF)
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_set_widget and tawkto_remove_widget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the...
In0ri - Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing an image-classification convolutional neural network. Introduction: When monitoring a website, In0ri will periodically take a screenshot of the website, then put it through a preprocessor that will resize the image down to 250x250px and numericalize t...
Check-Host Website Monitoring Service
Check-Host is a web service for checking the availability of hosts, DNS records, and IP addresses from different locations. It may be used to gather information on target servers as a preliminary stage before launching an attack...
Web Spidering Framework: Malspider
Web Spidering Framework That Detects Characteristics of Web Compromises. Malspider is a web spidering framework that inspects websites for characteristics of compromise. Malspider has three purposes: Website Integrity Monitoring: monitor your organization's website or your personal website for...
Google Sent Hacked Notification Messages to Millions of Webmasters
Google's head of the webspam team, Matt Cutts, announced on Twitter that they have sent out new message notifications to 20,000 web sites that are hacked. Specifically, Google sent these messages to sites doing "weird redirects."...
Irongeek's Shared hosting MD5 Change Detection Script
Adrian Crenshaw, aka Irongeek, just released another great tool for web admins that will monitor the files on a website and report any changes via email. Actually, "irongeek.com" was hacked a few days back; it is hosted on a shared hosting. There...
Fork CMS 3.2.4 Cross Site Scripting / Local File Inclusion
Exploit Title: Fork CMS v.3.2.4 - Multiple Vulnerabilities. Script Page: http://www.fork-cms.com Date: 11-02-2012 Author: RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Tested on: Windows XP & Vista. Reflected Cross-Site Scripting (XSS) on Admin Panel POC:...
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
Exploit Title: Fork CMS v.3.2.4 - Multiple Vulnerabilities. Script Page: http://www.fork-cms.com Date: 11-02-2012 Author: RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Tested on: Windows XP & Vista. Reflected Cross-Site Scripting (XSS) on Admin Panel POC:...
ECSHOP 2.6 calendar.php Local File Inclusion Vulnerability
ECShop is a B2C standalone online store system suited to enterprises and individuals who want to build a personalized online shop quickly. It is a cross-platform open source program built on PHP and a MySQL database. In the file js/calendar.php: $lang = !empty($_GET['lang']) ? trim($_GET['lang']) : 'zh_cn'; if (!file_exists('../languages/' . $lang . '/calendar.php')) $lang = 'zh_cn'; require(dirname(dirname(__FILE__)) . '/data/config.php'); header('Content-type:...
Killed 3 6 0 the two methods-vulnerability warning-the black bar safety net
Two methods: A BAT a + DOS+RAR BAT code is as follows: Code a patch up, actually is website monitoring for unsafe information, not allowing the release of Halo 4) Then use WINRAR to establish a self-extracting file Path: c:\windows After extracting run the vbs file name. vbs Quiet mode: hide all...
WordPress $_SERVER Variable Cross-Site Scripting Vulnerability
BUGTRAQ ID: 26885. WordPress is a free forum and blog system. WordPress has a vulnerability in its handling of global variables; a remote attacker could exploit it to carry out cross-site scripting attacks. WordPress trusts the $_SERVER['REQUEST_URI'] global variable, so a remote attacker who controls $_SERVER['REQUEST_URI'] can perform cross-site scripting. The vulnerable function at line 34 of /wp-includes/query.php is: function is_admin() { global $wp_query; return $wp_query->is_admin || stripos($_SERVER['REQUEST_URI'],...