Aggregator
CVE-2009-3059 | Allpublication JBoard 2.0 Core city SQL injection (EDB-34456 / ADV-2009-2473)
1 month 4 weeks ago
A vulnerability was found in Allpublication JBoard 2.0. It has been rated as critical. This issue affects some unknown processing of the component Core. The manipulation of the argument city leads to SQL injection.
The identification of this vulnerability is CVE-2009-3059. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2006-6383 | PHP 4.4.0/5.2.0 Restriction input validation (EDB-29239 / Nessus ID 27390)
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in PHP 4.4.0/5.2.0. Affected by this issue is some unknown functionality of the component Restriction Handler. The manipulation leads to improper input validation.
This vulnerability is handled as CVE-2006-6383. Local access is required to approach this attack. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2015-6132 | Microsoft Windows up to Vista Library Loader access control (MS15-132 / EDB-38968)
1 month 4 weeks ago
A vulnerability classified as critical was found in Microsoft Windows up to Vista. Affected by this vulnerability is an unknown functionality of the component Library Loader. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2015-6132. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025
1 month 4 weeks ago
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.
"Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
The Hacker News
Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast
1 month 4 weeks ago
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm? Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. Rethinking governance in a decentralized identity world Decentralized identity (DID) is gaining traction, and …
Help Net Security
CVE-2006-1014 | PHP up to 5.1.0 IMAP (EDB-27335 / Nessus ID 17716)
1 month 4 weeks ago
A vulnerability was found in PHP. It has been declared as critical. This vulnerability affects unknown code of the component IMAP. The manipulation leads to an unknown weakness.
This vulnerability was named CVE-2006-1014. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to disable the affected component.
vuldb.com
CVE-2006-1015 | PHP 3.x/4.x/5.x mail additional_parameters memory corruption (EDB-27334 / Nessus ID 31649)
1 month 4 weeks ago
A vulnerability was found in PHP 3.x/4.x/5.x. It has been classified as critical. This affects the function mail. The manipulation of the argument additional_parameters leads to memory corruption.
This vulnerability is uniquely identified as CVE-2006-1015. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2019-13237 | Alkacon OpenCms 10.5.4/10.5.5 clearhistory.jsp information disclosure (ID 154281 / EDB-47340)
1 month 4 weeks ago
A vulnerability was found in Alkacon OpenCms 10.5.4/10.5.5. It has been declared as critical. This vulnerability affects unknown code of the file clearhistory.jsp. The manipulation leads to information disclosure.
This vulnerability was named CVE-2019-13237. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2002-0079 | Microsoft IIS 4.0/5.0 Chunked Encoding Transfer memory corruption (VU#610291 / EDB-21368)
1 month 4 weeks ago
A vulnerability classified as critical has been found in Microsoft IIS 4.0/5.0. Affected is an unknown function of the component Chunked Encoding Transfer Handler. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2002-0079. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
WorldLeaks
1 month 4 weeks ago
cohenido
CVE-2004-1935 | SCT Campus Pipeline 2.1 Mail Attachment cross-site scripting (EDB-24008 / XFDB-15878)
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in SCT Campus Pipeline 2.1. This issue affects some unknown processing of the component Mail Attachment Handler. The manipulation leads to basic cross-site scripting.
The identification of this vulnerability is CVE-2004-1935. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-6880 | EasySiteNetwork Jokes Complete Website joke.php ID SQL injection (EDB-32672 / XFDB-47468)
1 month 4 weeks ago
A vulnerability, which was classified as critical, was found in EasySiteNetwork Jokes Complete Website. Affected is an unknown function of the file joke.php. The manipulation of the argument ID leads to SQL injection.
This vulnerability is traded as CVE-2008-6880. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2015-6133 | Microsoft Windows up to Server 2012 R2 Library Loader access control (MS15-132 / EDB-41706)
1 month 4 weeks ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows up to Server 2012 R2. Affected by this issue is some unknown functionality of the component Library Loader. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2015-6133. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
PUBG assist tool update
1 month 4 weeks ago
DIVER OSINT CTF 2025
1 month 4 weeks ago
Name: DIVER OSINT CTF 2025 (a DIVER OSINT CTF event.)
Date: June 7, 2025, 3 a.m. — 08 June 2025, 03:00 UTC
Format: Jeopardy
On-line
Official URL: https://ctfd.diverctf.org/
Rating weight: 0.00
Event organizers: diver_osint
CVE-2025-3913 | Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0 Team Privacy Setting /api/v4/teams/ authorization (Nessus ID 237904)
1 month 4 weeks ago
A vulnerability was found in Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0. It has been classified as problematic. This affects an unknown part of the file /api/v4/teams/ of the component Team Privacy Setting Handler. The manipulation leads to incorrect authorization.
This vulnerability is uniquely identified as CVE-2025-3913. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2571 | Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0 Google OAuth Signup incorrect implementation of authentication algorithm (Nessus ID 237904)
1 month 4 weeks ago
A vulnerability classified as problematic has been found in Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0. Affected is an unknown function of the component Google OAuth Signup. The manipulation leads to incorrect implementation of authentication algorithm.
This vulnerability is traded as CVE-2025-2571. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1792 | Mattermost up to 9.11.12/10.5.3/10.7.0 Channel Members API Endpoint authorization (Nessus ID 237903)
1 month 4 weeks ago
A vulnerability classified as problematic was found in Mattermost up to 9.11.12/10.5.3/10.7.0. Affected by this vulnerability is an unknown functionality of the component Channel Members API Endpoint. The manipulation leads to incorrect authorization.
This vulnerability is known as CVE-2025-1792. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-3611 | Mattermost up to 9.11.12/10.5.3/10.7.0 System Console authorization (Nessus ID 237903)
1 month 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.11.12/10.5.3/10.7.0. Affected by this issue is some unknown functionality of the component System Console. The manipulation leads to incorrect authorization.
This vulnerability is handled as CVE-2025-3611. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com