Aggregator

CVE-2004-1104 | Microsoft Internet Explorer 6 HTML Link Table authentication spoofing (VU#702086 / EDB-24714)

Vuldb Updates
2 months 4 weeks ago
A vulnerability was found in Microsoft Internet Explorer 6. It has been declared as critical. Affected by this issue is some unknown functionality of the component HTML Link Table Handler. Executing manipulation can lead to authentication bypass by spoofing. This vulnerability appears as CVE-2004-1104. The attack may be performed from remote. In addition, an exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2004-1050 | Microsoft Internet Explorer IFRAME src/name heap-based overflow (MS04-040 / VU#842160)

Vuldb Updates
2 months 4 weeks ago
A vulnerability was found in Microsoft Internet Explorer. It has been rated as very critical. This affects an unknown part of the component IFRAME Handler. The manipulation of the argument src/name leads to heap-based buffer overflow. This vulnerability is traded as CVE-2004-1050. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to replace the affected component with an alternative.
vuldb.com

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader

Help Net Security
2 months 4 weeks ago

Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims,” announced Steven Masada, Assistant General Counsel at Microsoft’s Digital Crimes Unit (DCU). Who is behind RaccoonO365? RaccoonO365 (aka Storm-2246) sold pre-packaged, subscription-based phishing kits, … More →

The post Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader appeared first on Help Net Security.

Zeljka Zorz

CVE-2025-10632 | itsourcecode Online Petshop Management System 1.0 Admin Dashboard availableframe.php name/address cross site scripting

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability classified as problematic was found in itsourcecode Online Petshop Management System 1.0. The affected element is an unknown function of the file availableframe.php of the component Admin Dashboard. The manipulation of the argument name/address results in cross site scripting. This vulnerability is known as CVE-2025-10632. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2025-10631 | itsourcecode Online Petshop Management System 1.0 Available Products Page addcnp.php name/description cross site scripting

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability classified as problematic has been found in itsourcecode Online Petshop Management System 1.0. Impacted is an unknown function of the file addcnp.php of the component Available Products Page. The manipulation of the argument name/description leads to cross site scripting. This vulnerability is traded as CVE-2025-10631. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-10629 | D-Link DIR-852 1.00CN B09 Simple Service Discovery Protocol Service htodcs/cgibin ssdpcgi_main ST command injection

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability described as critical has been identified in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2025-10629. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2025-10628 | D-Link DIR-852 1.00CN B09 Web Management Interface hedwig.cgi command injection

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability marked as critical has been reported in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2025-10628. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-10627 | SourceCodester Online Exam Form Submission 1.0 /admin/delete_user.php ID sql injection

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability labeled as critical has been found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/delete_user.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2025-10627. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2025-10626 | SourceCodester Online Exam Form Submission 1.0 /admin/update_s3.php credits sql injection

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability identified as critical has been detected in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/update_s3.php. This manipulation of the argument credits causes sql injection. This vulnerability is registered as CVE-2025-10626. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

Qilin

Dark Feed IO
2 months 4 weeks ago

You must login to view this content

cohenido

Managed ad