22 matches found
EUVD-2016-3448
Malware in sbrugna...
EUVD-2019-16041
Malware in sbrugna...
EUVD-2019-15222
Malware in sbrugna...
codeium-chrome security vulnerability
codeium-chrome is an open source code completion plugin for the Chrome web browser. A security vulnerability exists in the Chrome plugin codeium-chrome version v1.2.52, which stems from the Service Worker not checking the sender when receiving an external message, allowing an attacker to host a website a...
PT-2024-2625 · Unknown · Codeium-Chrome
Name of the Vulnerable Software and Affected Versions: codeium-chrome (affected versions not specified). Description: The issue is related to the lack of protection for service data in the codeium-chrome plugin. An attacker can exploit this to send arbitrary requests to the internal autocomplete...
SUSE CVE-2013-0896
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
Malicious Package
Overview: chrome-plugin-icon-generator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Revisiting old tools
Many, many years ago I was onsite and noticed that a company's internal website had checked out their website using the subversion code versioning system. This subversion archive contained the site's web.config which has a set of credentials for SQL server, which through many steps led to domain...
CVE-2019-5647
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue...
CVE-2019-5647 Rapid7 AppSpider Chrome Plugin Insufficient Session Expiration
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue...
Design/Logic Flaw
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...
CVE-2019-6481
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...
CVE-2019-6481
CVE-2019-6481 affects Abine Blur 7.8.2431 via the Affected Chrome Plugin component, enabling a remote attacker to bypass second‑factor authentication by using a right‑click sequence to access a forgotten dev menu to insert user passwords that would normally require MFA approval. This mirrors the ...
LastPass password manager exposes another serious vulnerability; can browser-based password managers still be used? - Vulnerability warning - the black bar safety net
Without password software, we easily forget our passwords; with password software, we "reluctantly" leak all of them. LastPass, the popular password management software, has recently been hit by security vulnerabilities again. Security researchers found in LastPass Chrome and Firefox 4.1.42 versi...
Cisco Patches Critical Flaw in WebEx Chrome Plugin
A vulnerability in the Cisco WebEx Chrome Plugin, used by tens of millions for web conferencing in business environments, exposed computers to remote code execution. Cisco has begun releasing updates that patch the flaw, details of which were disclosed Monday by Google Project Zero researcher Tav...
Fonality HUDweb for Google Chrome Plugin Arbitrary Code Execution Vulnerability
Fonality (formerly known as Trixbox pro) is an open-source telephone switch solution with integrated VoIP and CRM features from Fonality, USA. The solution supports voicemail, multi-party voice conferencing and interactive voice response (IVR). An arbitrary code execution vulnerability exists in the...
Feeder.co Chrome plugin cross-site scripting
Cross-site scripting via RSS...