Lucene search
+L

94 matches found

CNVD
CNVD
added 2022/12/30 12:0 a.m.70 views

Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...

6.5CVSS2.5AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2022/12/22 8:15 p.m.6 views

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...

6.5CVSS7.4AI score0.00233EPSS
Exploits0References2
0day.today
0day.today
added 2022/04/27 12:0 a.m.183 views

WordPress Curtain 1.0.2 Cross Site Scripting Vulnerability

Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com Description Several...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/11/25 12:0 a.m.8 views

Vulnerability of software programs with DOM functions to bypass CAPTCHA; ReCaptcha solvers that allow hackers to gain full control over the browser.

The vulnerability of DOM-based software for bypassing CAPTCHA systems is related to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a hacker to gain full control over the browser...

6.1CVSS6.3AI score0.00581EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/08/22 12:0 a.m.6 views

ReCaptcha Solver 跨站脚本漏洞

ReCaptcha Solver is a Google application plugin for automated validation of Google ReCaptcha V2. A cross-site scripting vulnerability exists in ReCaptcha Solver version 5.7, which stems from a response in setCaptchaCode being inserted into the DOM as HTML, giving full control over the user's...

6.1CVSS5.9AI score0.00581EPSS
Exploits0References2
NVD
NVD
added 2021/07/22 12:15 p.m.29 views

CVE-2021-22523

XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...

7.6CVSS0.00811EPSS
Exploits0References1
Prion
Prion
added 2021/07/22 12:15 p.m.19 views

Xxe

XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...

6.8CVSS7.5AI score0.00811EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/22 11:11 a.m.29 views

CVE-2021-22523

XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...

7.7AI score0.00811EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/22 12:0 a.m.7 views

Micro Focus Verastream Host Integrator 代码问题漏洞

Micro Focus Verastream Host Integrator is an asset management platform from Micro Focus UK. The platform supports the management of servers, web applications, and other assets. A security vulnerability exists in Micro Focus Verastream Host Integrator 7.8 Update 1 and prior versions that could all...

7.6CVSS7.3AI score0.00811EPSS
Exploits0References2
Metasploit
Metasploit
added 2020/04/22 4:37 a.m.66 views

Multi Manage the screen of the target meterpreter session

This module allows you to view and control the screen of the target computer via a local browser window. The module continually screenshots the target screen and also relays all mouse and keyboard events to session. This module requires Metasploit: https://metasploit.com/download Current source:...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2019/04/16 6:40 p.m.54 views

TomTom: Reflected Cross Site Scripting vuln in tomtom.com

Hello Tomtom security team I found a reflected cross site scripting security vulnerability in tomtom.com https://www.tomtom.com/nlnl/search/?q=27%22--%3E%3CDetails%20Open%20OnToggle=confirmdocument.domain%3E This payload when loaded displays the domain the XSS vulnerability occurs in www.tomtom.c...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2017/11/16 12:0 a.m.22 views

LanSweeper 6.0.100.75 - Cross-Site Scripting

LanSweeper 6.0.100.75 - Cross-Site Scripting LanSweeper - Cross Site Scripting and HTMLi Title: Vulnerability in LanSweeper Date: 16-11-2017 Status: Vendor contacted, patch available Author: Miguel Mendez Z Vendor Homepage: http://www.lansweeper.com Version: 6.0.100.75 CVE: CVE-2017-16841...

4.3CVSS6.2AI score0.01438EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/11/16 12:0 a.m.40 views

LanSweeper 6.0.100.75 - Cross-Site Scripting

LanSweeper - Cross Site Scripting and HTMLi Title: Vulnerability in LanSweeper Date: 16-11-2017 Status: Vendor contacted, patch available Author: Miguel Mendez Z Vendor Homepage: http://www.lansweeper.com Version: 6.0.100.75 CVE: CVE-2017-16841 Vulnerability description -------------------------...

6.1CVSS6.4AI score0.01438EPSS
Exploits4
Malwarebytes
Malwarebytes
added 2017/10/05 4:19 p.m.68 views

Using ILSpy to analyze a small adware file

My curiosity was triggered when the telemetry of our heuristic scanner started showing a multitude of reports about a small file called grandfather.exe, so I went out to grab a copy and have a look at it. As you can probably tell from some of the detection names at Virustotal, this is a MSIL...

6.8AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2016/09/13 11:38 p.m.44 views

MSRT September 2016 release feature: Prifou

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool MSRT release this September includes detections for: BrowserModifier:Win32/Prifou TrojanClicker:Win32/NightClick Trojan:Win32/Suweezy Trojan:Win32/Xadupi This blog discusses...

6.8AI score
Exploits0
Patchstack
Patchstack
added 2015/02/21 12:0 a.m.17 views

WordPress AdPlugg Plugin <= 1.1.33 - Stored Cross Site Scripting

Because of this vulnerability, attackers can hijack other users session, take control of another administrator's browser or install malware on their computer. Solution Upgrade the plugin...

3.6AI score
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2013/07/31 6:55 p.m.12 views

Online Ad Networks Leverages to Launch Javascript Attacks

LAS VEGAS – Researchers have figured out how to leverage the reach of online advertising networks to distribute javascript of their choosing, creating the equivalent of a botnet of ad impressions capable of crashing underlying webservers or distributing malware on a massive scale for pennies on t...

7AI score
Exploits0
securityvulns
securityvulns
added 2012/11/26 12:0 a.m.55 views

FW: =| Security Advisory - TP-LINK TL-WR841N XSS &#40;Cross Site Scripting&#41; |=

=| Security Advisory - TP-LINK TL-WR841N XSS Cross Site Scripting |= Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK" Firmware Version: 3.13.9 Build 120201 Rel.54965n and Below Discovered Date: 17/11/2012 Author: Matan Azugi [email protected] Product Vendor:...

1.5AI score
Exploits0
seebug.org
seebug.org
added 2011/10/13 12:0 a.m.32 views

Microsoft .NET Framework / Silverlight类继承限制漏洞(MS11-078)

CVE ID: CVE-2011-1508 .NET Framework是用于Windows的新托管代码编程模型,用于构建具有视觉上引人注目的用户体验的应用程序,实现跨技术边界的无缝通信,并且能支持各种业务流程。Silverlight 是一种新的 Web 呈现技术,能在各种平台上运行。 Microsoft .NET Framework和Microsoft Silverlight在类继承的实现上存在安全漏洞,恶意用户可通过特制的网页利用此漏洞控制用户系统。要成功利用,需要浏览器可以运行XBAPs或Silverlight应用程序。 Microsoft .NET Framework 4.x...

9.3CVSS1.7AI score0.14451EPSS
Exploits2
exploitpack
exploitpack
added 2011/07/18 12:0 a.m.24 views

Iskratel SI2000 Callisto 821+ - Cross-Site Request Forgery HTML Injection

Iskratel SI2000 Callisto 821+ - Cross-Site Request Forgery HTML Injection source: https://www.securityfocus.com/bid/48711/info The Iskratel SI2000 Callisto 821+ is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities. An attacker can exploit the cross-si...

0.4AI score
Exploits0
Rows per page
Query Builder