13 matches found
Security Bulletin: IBM Event Streams is vulnerable to proxy bypass
Summary: IBM Event Streams is vulnerable to proxy bypass due to improper handling of IPv6 zoneID (CVE-2025-22870). Vulnerability Details: CVEID: CVE-2025-22870. DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPRO...
EUVD-2006-5936
Malware in sbrugna...
AZL-56046 CVE-2024-45341 affecting package golang for versions less than 1.18.8-5
A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs...
SPA Cart CMS - Multiple SQL Injection Vulnerabilities
Document Title: SPA Cart CMS - Multiple SQL Injection Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2304. Release Date: 2021-10-17. Vulnerability Laboratory ID (VL-ID): 230...
new-star.com.my XSS vulnerability
Open Bug Bounty ID: OBB-461872

Description| Value
---|---
Affected Website:| new-star.com.my
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat...
CVE-2014-4526
Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter...
E-GlobalFocus CMS SQL Injection
Exploit Title: e-globalfocus cms Sql Injection Vulnerability Google Dork: intext:"Web design by www.e-globalfocus.com" Date: 08/24/2012 Author: Crim3R Vendor Home : www.e-globalfocus.com Tested on: all ======================================== zoneid parameter in news.asp file is vulnerable to sql...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter...
CVE-2011-5114
Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter...
Unfixed Redirect vulnerability at ads.webhosting.info
Security researcher SeYMeN submitted on 31/05/2008 a Redirect vulnerability affecting ads.webhosting.info, which at the time of submission ranked 34793 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/06/2008. It is currently unfixed. If...
CVE-2006-5953
SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter...
PT-2006-6618 · Evolve · Evolve Shopping Cart
Name of the Vulnerable Software and Affected Versions: Evolve shopping cart (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary SQL commands via the zoneid parameter in the "viewcart.asp" file. This enables attackers to manipulate the database by...
CVE-2006-5953
The CVE-2006-5953 issue is an SQL injection in Evolve shopping cart's viewcart.asp, exploitable through the zoneid parameter to execute arbitrary SQL commands. Documentation in multiple sources (NVD, CVE lists, PT-2006-6618) confirms the vulnerability and its remote nature but provides no concrete d...