7705 matches found

Snyk
added 2022/09/08 11:24 a.m. | 1 view

Malicious Package

Overview: middleware-bucket-endpoint is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3

Snyk
added 2022/09/08 11:24 a.m. | 4 views

Malicious Package

Overview: intergalactic-documentation is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3

Snyk
added 2022/09/08 11:24 a.m. | 2 views

Malicious Package

Overview: @creditkudos/design-foundations is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3

Snyk
added 2022/09/08 11:24 a.m. | 1 view

Malicious Package

Overview: www-search is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3

Snyk
added 2022/09/08 11:24 a.m. | 1 view

Malicious Package

Overview: tiffany-contracts is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3

Snyk
added 2022/09/08 11:24 a.m. | 2 views

Malicious Package

Overview: vscode-clangd is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3

Snyk
added 2022/09/08 11:24 a.m. | 1 view

Malicious Package

Overview: @ay-cms/cms-web-sdk is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3

WPVulnDB
added 2022/09/05 12:0 a.m. | 17 views

CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

The plugin allows high privilege users such as admin to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. PoC Activate PHP extension: - Log in and go to "CM Downloads" "Settings" "General"...

CVSS 7.2 | AI score 7 | EPSS 0.01054
Exploits: 2 | Affected Software: 1

Schneier on Security
added 2022/09/02 9:32 p.m. | 17 views

Friday Squid Blogging: Squid Images

iStock has over 13,000 royalty-free images of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

AI score 1.1
Exploits: 0

ATTACKERKB
added 2022/09/02 5:15 a.m. | 1 view

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

CVSS 4.8 | AI score 5.8 | EPSS 0.00397
Exploits: 1 | References: 2

OSV
added 2022/09/02 5:15 a.m. | 2 views

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

CVSS 4.8 | AI score 5.9 | EPSS 0.00397
Exploits: 1 | References: 1

Cvelist
added 2022/09/02 4:5 a.m. | 38 views

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

AI score 5.2 | EPSS 0.00397
Exploits: 1 | References: 1

CVE
added 2022/09/02 4:5 a.m. | 54 views

CVE-2022-37679

CVE-2022-37679 affects Miniblog.Core v1.0 in the /blog/edit Excerpt field, enabling cross-site scripting via a crafted payload. Root cause is an XSS vulnerability in the Excerpt input; impact per the entry is execute arbitrary script/HTML in the client. CVSS v3.1 base score is 4.8 (Medium) with n...

CVSS 4.8 | AI score 5 | EPSS 0.00397
Exploits: 1 | References: 1 | Affected Software: 1

0day.today
added 2022/09/02 12:0 a.m. | 265 views

WordPress Netroics Blog Posts Grid 1.0 Plugin - Stored XSS Vulnerability

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS) Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on: Centos 7 apache2 ...

AI score 0.1
Exploits: 0

CNNVD
added 2022/09/02 12:0 a.m. | 2 views

madskristensen Miniblog.Core Cross-Site Scripting Vulnerability

madskristensen Miniblog.Core is a blogging engine built on ASP.NET Core. A security vulnerability exists in madskristensen Miniblog.Core v1.0, which allows attackers to execute arbitrary web script or HTML by injecting a crafted payload into the Excerpt field via the /blog/edit component...

CVSS 4.8 | AI score 5.6 | EPSS 0.00397
Exploits: 1 | References: 2

Positive Technologies
added 2022/09/02 12:0 a.m. | 3 views

PT-2022-24038 · Unknown · Miniblog.Core

Name of the Vulnerable Software and Affected Versions: Miniblog.Core version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field in the "/blog/edit" API endpoint. This enables the execution of malicious code on...

CVSS 4.8 | AI score 5.4 | EPSS 0.00397
Exploits: 1 | References: 3

Packet Storm
added 2022/09/02 12:0 a.m. | 292 views

WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting

Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Netroics Blog Posts Grid" v1.0 Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Teste...

AI score 7.4
Exploits: 0

Exploit DB
added 2022/09/02 12:0 a.m. | 58 views

WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS) Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...

AI score 7
Exploits: 0

Akamai Blog
added 2022/09/01 1:0 p.m. | 2 views

Holiday Readiness, Part I: Best Practices for Maintaining Peak Performance

Preparing for a post-pandemic holiday season means managing for peak application and system performance...

AI score 7
Exploits: 0

Github Security Blog
added 2022/08/29 8:6 p.m. | 40 views

Pagekit CMS cross-site scripting in Markdown text box where articles are edited

A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...

CVSS 6.1 | AI score 5.6 | EPSS 0.00478
Exploits: 1 | References: 3 | Affected Software: 1