86 matches found
EUVD-2021-9665
Malicious code in bioql PyPI...
EUVD-2024-19806
Malicious code in bioql PyPI...
EUVD-2021-28266
Malicious code in bioql PyPI...
EUVD-2022-4028
Malicious code in bioql PyPI...
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MF...
CVE-2024-22230
Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...
Cross site scripting
Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...
Code injection
SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...
CVE-2023-43191
SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...
CVE-2023-43191
CVE-2023-43191 affects SpringbootCMS 1.0 and related JFinalCMS entries, with a stored XSS condition: malicious code embedded in a foreground message saved to the database can execute when users view comments. The Red Hat advisory and multiple CVE records describe the attack as HTML-embedded scrip...
Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration. This vulnerability affect...
WordPress Curtain 1.0.2 Cross Site Scripting Vulnerability
Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com Description Several...
Vulnerability of software programs with DOM functions to bypass CAPTCHA; ReCaptcha solvers that allow hackers to gain full control over the browser.
The vulnerability of DOM-based software for bypassing CAPTCHA systems is related to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a hacker to gain full control over the browser...
ReCaptcha Solver Cross-Site Scripting Vulnerability
ReCaptcha Solver is a Google application plugin for automated validation of Google ReCaptcha V2. A cross-site scripting vulnerability exists in ReCaptcha Solver version 5.7, which stems from a response in setCaptchaCode being inserted into the DOM as HTML, giving full control over the user's...
CVE-2021-22523
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...
XXE
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...