Lucene search
326 matches found

SUSE CVE
added 2023/02/15 5:14 a.m. | 1 view

SUSE CVE-2015-7185

Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code...

CVSS 4.3 | AI score 6.8 | EPSS 0.00435
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 3:23 a.m. | 1 view

SUSE CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

CVSS 5.3 | AI score 8.7 | EPSS 0.00541
Exploits 0 | References 5

Packet Storm
added 2022/12/21 12:0 a.m. | 268 views

Senayan Library Management System 9.2.2 Cross Site Scripting

Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.21.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...

AI score 7.4
Exploits 0

wpexploit
added 2022/11/21 12:0 a.m. | 159 views

WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The plugin does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable. Run the below command in the developer console of the web browser while being on the...

CVSS 8.1 | AI score 0.9 | EPSS 0.00176
Exploits 2

GithubExploit
added 2022/10/20 8:55 p.m. | 692 views

Exploit for Improper Privilege Management in Microsoft

CVE-2022-21970...

CVSS 8.3 | AI score 6.5 | EPSS 0.02347
Exploits 1

CNNVD
added 2022/10/11 12:0 a.m. | 1 view

Security Vulnerability in Multiple Siemens Products

Siemens Desigo PX is a building automation control system from Siemens, Germany. A security vulnerability exists in a number of Siemens products that stems from the device's embedded Chromium-based browser being launched as root with the "--no-sandbox" option. An attacker could add arbitrary...

CVSS 8.8 | AI score 8.2 | EPSS 0.00598
Exploits 0 | References 4

NVD
added 2022/05/12 12:15 p.m. | 13 views

CVE-2022-28873

A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit JavaScript window.open functionality in SAFE Browser, which could lead to address bar spoofing attacks...

CVSS 4.3 | EPSS 0.00328
Exploits 0 | References 2

GithubExploit
added 2022/04/29 5:28 a.m. | 273 views

Exploit for Out-of-bounds Write in Google Android

V8 JavaScript Engine ============= V8 is Google's open source J...

CVSS 9.8 | AI score 9.5 | EPSS 0.06242
Exploits 1

Hive Pro Threat Advisories
added 2022/04/18 1:31 p.m. | 60 views

Old Zimbra vulnerability used to target Ukrainian Government Organizations

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. The Ukrainian Computer Emergency Response Team (CERT-UA) has issued an alert about a campaign targeting Ukrainian government entities that involves an exploit for an XSS vulnerability in Zimbra Collaboration Suite. The attacker...

CVSS 4.3 | AI score 0.8 | EPSS 0.79519
Exploits 2

ATTACKERKB
added 2022/02/09 12:0 a.m. | 78 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

CVSS 6.1 | AI score 1.7 | EPSS 0.88633
In wild | Exploits 2 | References 6

CNNVD
added 2022/01/24 12:0 a.m. | 2 views

YetiForceCrm Cross-Site Request Forgery Vulnerability

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site request forgery vulnerability exists in YetiForceCrm prior to version 6.3.0, which stems from a lack of proper validation of client-side data by the WEB application. An attacker could exploit this...

CVSS 8 | AI score 5.9 | EPSS 0.00138
Exploits 1 | References 3

CNVD
added 2021/12/12 12:0 a.m. | 15 views

74 CMS Cross-Site Scripting Vulnerability (CNVD-2021-99667)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Co. 74CMS has a cross-site scripting vulnerability in version v6.0.4, which originates from /index.php?m=&c=help&a=helplist&key missing a data validation filter for user-supplied data and output. An attacker coul...

CVSS 6.1 | AI score 3.5 | EPSS 0.0021
Exploits 1 | References 1

0day.today
added 2021/10/25 12:0 a.m. | 377 views

Online Event Booking and Reservation System 1.0 - (reason) Stored Cross-Site Scripting Vulnerability

Exploit Title: Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html Software Link:...

AI score 7.4
Exploits 0

CNNVD
added 2021/08/31 12:0 a.m. | 2 views

Pepperl Fuchs WirelessHART-Gateway Security Vulnerability

Pepperl Fuchs WirelessHART-Gateway is a gateway device from Pepperl Fuchs, Germany. A security vulnerability exists in Pepperl Fuchs WirelessHART-Gateway versions 3.0.8 and 3.0.9 that stems from the HttpOnly attribute not being set on a cookie. An attacker can exploit the vulnerability to read or...

CVSS 3.3 | AI score 5.4 | EPSS 0.00047
Exploits 0 | References 4

CNVD
added 2021/07/12 12:0 a.m. | 3 views

ArcGIS Server Reflective Cross-Site Scripting Vulnerability

ArcGIS Server is the back-end server software component of ArcGIS Enterprise from Esri that makes your geographic information available to others in your organization, and optionally makes it available to anyone with an Internet connection. A reflected cross-site scripting vulnerability exists in...

CVSS 6.1 | AI score 6.3 | EPSS 0.00425
Exploits 0 | References 1

CNNVD
added 2021/07/01 12:0 a.m. | 1 view

ZOHO ManageEngine Applications Manager Cross-Site Scripting Vulnerability

ZOHO ManageEngine Applications Manager is an IT operations management solution from ZOHO, Inc. ZOHO ManageEngine Applications Manager is vulnerable to a cross-site scripting vulnerability that could be exploited to execute malicious JavaScript...

CVSS 5.4 | AI score 5.3 | EPSS 0.22837
Exploits 1 | References 2

Gitee
added 2021/05/30 10:1 a.m. | 4 views

Exploit for Injection in Google Android

This is a full exploit for CVE-2016-6754, also known as BadKernel. The exploit is a proof-of-concept PoC code that demonstrates a vulnerability in the Linux kernel. The code is written in JavaScript and is intended to be used for educational purposes only. The exploit targets a vulnerability in t...

CVSS 8.8 | AI score 7.6 | EPSS 0.28454
Exploits 3

Gitee
added 2021/04/20 9:58 p.m. | 4 views

Exploit for Improper Input Validation in Google Chrome

This is a PoC exploit for CVE-2020-16040, a vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's ability to load and execute WASM code, which can lead to arbitrary code execution. The exploit is implemented in JavaScript and uses the WebAssembly API to...

CVSS 6.5 | AI score 8.7 | EPSS 0.74065
Exploits 14

Gitee
added 2021/04/13 1:41 p.m. | 5 views

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds read vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's handling of WebAssembly code, specifically the wasmcode array, which is used to load and execute WASM modules. The vulnerability allows an attack...

CVSS 7.8 | AI score 8.2 | EPSS 0.92579
Exploits 92

CNVD
added 2021/03/10 12:0 a.m. | 7 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2021-18026)

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.0.5 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a browser...

CVSS 6.1 | AI score 6.3 | EPSS 0.01062
Exploits 0 | References 1