36 matches found
EUVD-2022-2443
Malicious code in bioql PyPI...
CVE-2025-34227
CVE-2025-34227 affects Nagios XI prior to 2026R1. The authenticated command-injection vulnerability exists in the Monitoring Wizard’s configuration pages for MongoDB, MySQL, and PostgreSQL wizards, where shell characters injected into wizard arguments allow execution of arbitrary commands on the ...
CVE-2025-34227 Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
Nagios XI 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system...
CVE-2025-34227
Nagios XI 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system...
PT-2025-39429
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2026R1 Description Nagios XI is susceptible to an authenticated command injection issue present in the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. Successful exploitatio...
SUSE CVE-2013-7073
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...
GHSA-47WW-MQ32-G4XW TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...
GHSA-4RPV-G4GQ-RH4M TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...
Denial of Service Vulnerability in Wizards Secure Endpoints
Wizards Terminal Security is a computer system security protection software developed by Wizards. Wizards Secure Terminal has a denial-of-service vulnerability that can be exploited by attackers to construct malformed data and cause a denial of service...
Wizards endpoint security suffers from exe hijacking vulnerability
Wizards Endpoint Security is an antivirus program based on artificial intelligence technology. Wise Terminal Security has an exe hijacking vulnerability that can be exploited by an attacker to execute arbitrary code on the victim's machine...
Magecart skimmers found on Amazon CloudFront CDN
Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...
Provisioning Services: XenDesktop Setup Wizard or Streamed VM Wizard does not use the template boot properties when creating targets.
Using Provisioning Services PVSXenDesktop or Streamed VM Wizard, users were unable to change the Boot Order of newly created target devices...
[SECURITY] Fedora 25 Update: python-proteus-4.0.2-1.fc25
A client library to access Tryton's internal objects like Models and Wizard s...
openSUSE Security Update : hawk2 (openSUSE-2016-971)
This update for hawk2 fixes one security issue and one bug. The following security change is included : - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' bsc984619 The following non-security issue was fixed : - In the Wizards UI, prevent text display issues...
Security update for hawk2 (important)
This update for hawk2 fixes one security issue and one bug. The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' bsc984619 The following non-security issue was fixed: - In the Wizards UI, prevent text display issues du...
Word Wizards - Dangerous filesystem permissions, Insecure KeyStore, Runtime privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application Word Wizards published at the 'play' market has multiple vulnerabilities...
Using V8 U-AIR wizards to restore Exchange 2003 and 2007
This KB article documents the procedure for restoring Application Items for Exchange 2003 and Exchange 2007. The Veeam Explorer for Microsoft Exchange does not support these versions of Exchange. In o...
[SECURITY] Fedora 20 Update: drupal6-ctools-1.11-1.fc20
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...