Aggregator

CVE-2002-0148 | Microsoft IIS 4.0/5.0/5.1 Error Page cross site scripting (VU#886699 / EDB-21372)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Microsoft IIS 4.0/5.0/5.1. Affected by this issue is some unknown functionality of the component Error Page. The manipulation leads to basic cross site scripting. This vulnerability is handled as CVE-2002-0148. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2009-3194 | JCE-Tech SearchFeed Script index.php Search cross site scripting (EDB-34884 / SA36482)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in JCE-Tech SearchFeed Script and classified as problematic. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument Search leads to cross site scripting. This vulnerability is handled as CVE-2009-3194. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2006-6383 | PHP 4.4.0/5.2.0 Restriction input validation (EDB-29239 / Nessus ID 27390)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in PHP 4.4.0/5.2.0. Affected by this issue is some unknown functionality of the component Restriction Handler. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2006-6383. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2015-6132 | Microsoft Windows up to Vista Library Loader access control (MS15-132 / EDB-38968)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical was found in Microsoft Windows up to Vista. Affected by this vulnerability is an unknown functionality of the component Library Loader. The manipulation leads to improper access controls. This vulnerability is known as CVE-2015-6132. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025

The Hackers News
1 month 4 weeks ago
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
The Hacker News

Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast

Help Net Security
1 month 4 weeks ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm? Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. Rethinking governance in a decentralized identity world Decentralized identity (DID) is gaining traction, and … More →

The post Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast appeared first on Help Net Security.

Help Net Security

CVE-2006-1015 | PHP 3.x/4.x/5.x mail additional_parameters memory corruption (EDB-27334 / Nessus ID 31649)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in PHP 3.x/4.x/5.x. It has been classified as critical. This affects the function mail. The manipulation of the argument additional_parameters leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-1015. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2002-0079 | Microsoft IIS 4.0/5.0 Chunked Encoding Transfer memory corruption (VU#610291 / EDB-21368)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical has been found in Microsoft IIS 4.0/5.0. Affected is an unknown function of the component Chunked Encoding Transfer Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2002-0079. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad