Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-25855PUBLISHED: 2023-02-06All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
CVE-2022-25853PUBLISHED: 2023-02-06All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
CVE-2017-20176PUBLISHED: 2023-02-06
A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fa...
CVE-2014-12508PUBLISHED: 2023-02-06
A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The na...
CVE-2014-12508PUBLISHED: 2023-02-06
A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The n...
User Rank: Ninja
6/29/2014 | 5:58:02 PM
As you say, we need to think like the "dark side" and try to uncover threats and new intrusion methodologies before users of malicious intent do. This is one of the only ways I can see us alleviating some of the potential dangers of zero days.