Aggregator

CVE-2006-6383 | PHP 4.4.0/5.2.0 Restriction input validation (EDB-29239 / Nessus ID 27390)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in PHP 4.4.0/5.2.0. Affected by this issue is some unknown functionality of the component Restriction Handler. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2006-6383. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2015-6132 | Microsoft Windows up to Vista Library Loader access control (MS15-132 / EDB-38968)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical was found in Microsoft Windows up to Vista. Affected by this vulnerability is an unknown functionality of the component Library Loader. The manipulation leads to improper access controls. This vulnerability is known as CVE-2015-6132. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025

The Hackers News
1 month 4 weeks ago
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
The Hacker News

Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast

Help Net Security
1 month 4 weeks ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm? Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. Rethinking governance in a decentralized identity world Decentralized identity (DID) is gaining traction, and … More →

The post Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast appeared first on Help Net Security.

Help Net Security

CVE-2006-1015 | PHP 3.x/4.x/5.x mail additional_parameters memory corruption (EDB-27334 / Nessus ID 31649)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in PHP 3.x/4.x/5.x. It has been classified as critical. This affects the function mail. The manipulation of the argument additional_parameters leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-1015. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2002-0079 | Microsoft IIS 4.0/5.0 Chunked Encoding Transfer memory corruption (VU#610291 / EDB-21368)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as critical has been found in Microsoft IIS 4.0/5.0. Affected is an unknown function of the component Chunked Encoding Transfer Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2002-0079. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2004-1935 | SCT Campus Pipeline 2.1 Mail Attachment cross site scripting (EDB-24008 / XFDB-15878)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in SCT Campus Pipeline 2.1. This issue affects some unknown processing of the component Mail Attachment Handler. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2004-1935. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-6880 | EasySiteNetwork Jokes Complete Website joke.php ID sql injection (EDB-32672 / XFDB-47468)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, was found in EasySiteNetwork Jokes Complete Website. Affected is an unknown function of the file joke.php. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2008-6880. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2015-6133 | Microsoft Windows up to Server 2012 R2 Library Loader access control (MS15-132 / EDB-41706)

Vuldb Updates
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows up to Server 2012 R2. Affected by this issue is some unknown functionality of the component Library Loader. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2015-6133. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-3913 | Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0 Team Privacy Setting /api/v4/teams/ authorization (Nessus ID 237904)

Vuldb Updates
1 month 4 weeks ago
A vulnerability was found in Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0. It has been classified as problematic. This affects an unknown part of the file /api/v4/teams/ of the component Team Privacy Setting Handler. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-3913. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-2571 | Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0 Google OAuth Signup incorrect implementation of authentication algorithm (Nessus ID 237904)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as problematic has been found in Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0. Affected is an unknown function of the component Google OAuth Signup. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability is traded as CVE-2025-2571. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-1792 | Mattermost up to 9.11.12/10.5.3/10.7.0 Channel Members API Endpoint authorization (Nessus ID 237903)

Vuldb Updates
1 month 4 weeks ago
A vulnerability classified as problematic was found in Mattermost up to 9.11.12/10.5.3/10.7.0. Affected by this vulnerability is an unknown functionality of the component Channel Members API Endpoint. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2025-1792. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad