12 matches found
CVE-2025-32172 WordPress YaMaps for WordPress plugin <= 0.6.40 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yuri Baranov YaMaps for WordPress yamaps allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through <= 0.6.40...
Exploit for Improperly Implemented Security Check for Standard in Google Chrome
CVE-2024-7965 This repository contains...
CVE-2024-43224
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.27...
Security fix for the ALT Linux 10 package flatpak version 1.14.4-alt1
1.14.4-alt1 built March 27, 2023 Yuri N. Sedunov in task 317059 March 20, 2023 Yuri N. Sedunov - 1.14.4 fixed CVE-2023-28100, CVE-2023-28101...
Researcher Spotlight: Globetrotting with Yuri Kramarz
From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas By Jon Munshaw. Yuri “Jerzy” Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference an...
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
Yuri Kramarz discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from... This is...
Win-911 Enterprise Platform privilege escalation vulnerability
Summary: Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of the Win-911 Enterprise V4.20.13 install directory. Depending on the vector chosen, an attacker can overwrite various executables, which could lead to escalation of privileges when...
[PT-2011-23] Database information disclosure in GLPI
PT-2011-23 Positive Technologies Security Advisory: Database information disclosure in GLPI. Vulnerable software: GLPI Version 0.80.1 and earlier...
PT-2011-20: Authorization bypass vulnerability in OneOrZero AIMS
Positive Research Center has discovered an authorization bypass vulnerability in OneOrZero AIMS. The vulnerability exists due to incorrect authorization logic using $COOKIE variables: a predictable session value is stored in the $COOKIE'oozimsrememberme' variable. An attacker with a valid username which is registered...
Simple Document Management System 1.1.4 SQL Injection Auth Bypass
No description provided by source. SDMS Simple Document Management System v1.1.4 SQL Injection Author: Yuri Program: SDMS Simple Document Management System Version: v1.1.4 and probably all older versions as well Website: http://sdms.cafuego.net/ How it works The login system is very insecure, thi...
Simple Document Management System 1.1.4 - Authentication Bypass
SDMS Simple Document Management System v1.1.4 SQL Injection Author: Yuri Program: SDMS Simple Document Management System Version: v1.1.4 and probably all older versions as well Website: http://sdms.cafuego.net/ How it works The login system is very insecure, this is the code we are going to abuse...
Exim 4.43 - 'auth_spa_server()' Remote
/ ecl-eximspa.c Yuri Gushin Howdy : This is pretty straightforward, an exploit for the recently discovered vulnerability in Exim's all versions prior to and including 4.43 SPA authentication code - spabase64tobits will overflow a fixed-size buffer since there's no decent boundary checks before it...