
52 matches found

Github Security Blog
added 2020/09/03 9:17 p.m. | 26 views

Cross-Site Scripting in markdown-to-jsx

Versions of markdown-to-jsx prior to 6.11.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encode...

AI score: 2.8
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2020/05/29 6:0 a.m. | 21 views

Cross-site Scripting (XSS)

markdown-to-jsx is vulnerable to cross-site scripting XSS. The attack exists because it does not sufficiently escape the input to the links containing data or VBScript URIs and a base64-encoded payload...

AI score: 1.8
Exploits: 0

Hacker One
added 2019/06/26 7:5 a.m. | 41 views

Starbucks: Reflected cross-site scripting on multiple Starbucks assets.

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Please indicate NA, if not applicable. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling...

Exploits: 0

0day.today
added 2019/06/13 12:0 a.m. | 162 views

Sitecore 8.x - Deserialization Remote Code Execution Vulnerability

Exploit for asp platform in category web applications Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads:...

CVSS: 9 | AI score: 8.7 | EPSS: 0.14196
Exploits: 5

Node.js
added 2019/04/17 2:50 p.m. | 19 views

Cross-Site Scripting

Overview Versions of simple-markdown prior to 0.4.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a...

CVSS: 4.3 | AI score: 2.9 | EPSS: 0.01274
Exploits: 0 | Affected Software: 1

OSV
added 2019/04/09 7:47 p.m. | 20 views

GHSA-QJ3F-9GMQ-FWV5 Cross-Site Scripting in simple-markdown

Versions of simple-markdown prior to 0.4.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01274
Exploits: 0 | References: 9

0day.today
added 2019/04/09 12:0 a.m. | 29 views

Linux/x64 - XANAX Decoder Shellcode (127 bytes)

Linux/x64 - XANAX Decoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Decoder ; Author: Alan Vivona ; Description: Reverts the xor-add-not-add-xor sequence using the same 4 byte key and executes the encoded payload. ; Tested on: x86-x64 GNU/Linux global start section .text keys.xor1 equ 0x29...

AI score: 0.5
Exploits: 0

Metasploit
added 2017/02/16 6:32 p.m. | 171 views

Microsoft Office Word Malicious Macro Execution

This module injects a malicious macro into a Microsoft Office Word document docx. The comments field in the metadata is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enabl...

AI score: 7.3
Exploits: 0

Packet Storm
added 2016/11/17 12:0 a.m. | 44 views

Authenticated WMI Exec Via Powershell

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/powershell' require 'msf/core/post/windows/priv' require 'msf/core/exploit/powershell/dotnet' class MetasploitModule...

AI score: 0.6
Exploits: 0

0day.today
added 2016/03/03 12:0 a.m. | 26 views

AppLocker - Execution Prevention Bypass (Metasploit)

Exploit for windows platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'AppLocker Execution Prevention Bypass', 'Description' = %q This module will generate a .NET...

AI score: 6.8
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Path Traversal

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def...

AI score: 7.1
Exploits: 0

Packet Storm
added 2009/11/26 12:0 a.m. | 55 views

Microsoft IIS 4.0 .HTR Path Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft II...

CVSS: 10 | AI score: 0.2 | EPSS: 0.78099
Exploits: 5