406 matches found
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . A cross-site request forgery vulnerability exists in Kliqqi CMS version v2.0.2, which originates from /module.php?module=karma does not adequately verify that the request comes from a trusted user, and can be exploited by an...
Malicious code in karma-console-reporter (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2577 Malicious code in karma-console-reporter (npm)
--- -= Per source details. Do not edit below this line.=-...
Fedora: Security Advisory for rust-fedora-update-feedback (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: rust-fedora-update-feedback-2.1.4-2.fc40
Provide feedback for Fedora updates inspired by fedora-easy-karma...
Karma 安全漏洞
Karma is a simple tool. Allows execution of JavaScript code in multiple real browsers. A security vulnerability exists in Karma versions prior to 0.17.4.1, which stems from the fact that sending multiple post requests at the same time will bypass the cooldown validation...
CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
CVE-2024-34695
Affected software: WOWS Karma reputation system for World of Warships. Root cause / vector: A user can click the"create" button multiple times on the post-creation prompt before the modal closes, causing several API requests to be sent in parallel. This timing flaw allows bypassing the cooldown v...
CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
PT-2024-26112 · Unknown · Wows Karma
Name of the Vulnerable Software and Affected Versions: WOWS Karma versions prior to 0.17.4.1 Description: The issue allows a user to bypass cooldown validation by sending multiple post creation API requests simultaneously. This is achieved by clicking the "create" button multiple times on a post...
[SECURITY] Fedora 38 Update: rust-fedora-update-feedback-2.1.3-2.fc38
Provide feedback for Fedora updates inspired by fedora-easy-karma...
Pinacolada - Wireless Intrusion Detection System For Hak5's WiFi Coconut
Pinacolada looks for typical IEEE 802.11 attacks and then informs you about them as quickly as possible. All this with the help of Hak5's WiFi Coconut, which allows it to listen for threats on all 14 channels in the 2.4GHz range simultaneously. Supported 802.11 Attacks Attack | Type | Status...
Malicious Package
Overview karma-jasmine-i-global is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview karma-wait-for-load is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
Malicious Package
Overview karma-jquery2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview karma-i-ua is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious code in karma-jasmine-i-request (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed0afb956ba7f377036f0c8ef4717a97760b7a00263c1d791ec61995e323cbe7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in karma-jquery2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55d521035684c4dbe2c48fd0ee90ce405fbfb292a771e6c278ad707668d648a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in karma-jasmine-i-global (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e549b03e79b04aa24627294bb5599da9fb989a712bfbe3a6048c97bed62778b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...