99 matches found
Cross Site Scripting(XSS)
Decidim is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability is due to improper sanitization of admin activity logs, allowing XSS payloads to be injected when an admin assigns a valuator to a proposal or performs other actions that generate logs with malicious content...
CVE-2024-25118
creationtimestamp| type| source ---|---|--- 2024-02-14 00:21:58+00:00| seen| https://t.me/ctinow/184320 2024-03-06 08:06:58+00:00| seen| https://t.me/ctinow/201082...
CVE-2022-0679
creationtimestamp| type| source ---|---|--- 2022-03-28 22:41:49+00:00| seen| https://t.me/cibsecurity/39663 2024-12-21 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-21 2024-12-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
Cross site scripting
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
CVE-2021-35503
CVE-2021-35503 affects Afian FileRun 2021.03.26. The issue is a stored XSS caused by mishandling of the HTTP X-Forwarded-For header when rendering Activity Logs, implying user-supplied header data could be reflected in logs and executed in the browser. The description identifies the affected comp...
DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection
PowerShell module for Office 365 and Azure AD log collection Module description The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...
CVE-2020-13247
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...
CVE-2020-13247
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...
Adult Content Site Exposed Personal Data of 1M Users
The personal information more than a million users of popular adult website Luscious, including email addresses that sometimes indicated full names, were found exposed in an unsecured Elasticsearch database. The website, which focuses on anime-themed, user-uploaded adult content, has over 1 milli...
How Activity Logs Help WordPress Admins Better Manage Website Security
Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or you...
How Activity Logs Help WordPress Admins Better Manage Website Security
Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or you...
Full-Fledged Phishing Framework: FirePhish
FirePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification...
China Orders Apple to Monitor App Store Users and Track their Identities
China has long been known for its strict censorship which makes it difficult for foreign technology companies to do business in the world’s most populous country of over 1.35 billion people. Now, the new law issued by the Chinese government will expand its strict Internet monitoring efforts into...
CVE-2013-2296
CVE-2013-2296 affects Walrus in Eucalyptus prior to 3.2.2. The issue: GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations do not verify authorization, allowing remote authenticated users to bypass restrictions on (1) modifying logging, (2) modifying ver...
CVE-2008-3704
creationtimestamp| type| source ---|---|--- 2008-08-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6244 2008-08-26 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6317 2010-11-24 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16507 2018-05-29...
Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure
Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure Aug 31 2005 10:37AM retrogod aliceposta it Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure software: site: http://www.simplemachines.org/ information disclosure:...