Cross site request forgery (csrf)
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
CVE-2021-24668 MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...
CVE-2021-24668
The vulnerability CVE-2021-24668 affects the WordPress plugin MAZ Loader, specifically versions before 1.4.1. The root cause is missing nonce checks, enabling CSRF attacks that let an attacker cause administrators to delete arbitrary loaders. Impact is described as arbitrary loader deletion via C...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin that stems from the MAZ Loader not...
A vulnerability in the Google Chrome browser’s loader component that allows a hacker to execute arbitrary code.
The vulnerability of the Google Chrome browser’s loader component is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...
Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns
Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...
CVE-2021-38374
OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL...
Design/Logic Flaw
OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL...
CVE-2021-38374
OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL...
PT-2021-22088 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.5 and earlier. Description: The issue allows for cross-site scripting (XSS) attacks via a crafted snippet that contains an app loader reference within an app loader URL. This enables potential attackers to execute...
Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a...
Chromium: CVE-2021-38005 Use after free in loader
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
This Week in Security News - November 19, 2021
This week, learn about how the QAKBOT Loader malware has evolved its techniques and strategies over time. Also, read about the most recent initiative by the legislation to further cybersecurity protection...
GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited furth...
CVE-2021-26335
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation, potentially resulting in arbitrary code execution...
Input validation
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation, potentially resulting in arbitrary code execution...
CVE-2021-26335
CVE-2021-26335 concerns the AMD Secure Processor (ASP) boot loader image header. The issue is improper input and range checking, enabling attacker-controlled values before signature validation and potentially allowing arbitrary code execution. In NVD/AMD documentation, the vulnerability is listed...
PyYAML: incomplete fix for CVE-2020-1747
A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw...
Fhex - A Full-Featured HexEditor
This project was born with the aim of developing a lightweight but useful tool. The reason is that existing hex editors have various limitations, e.g. too many dependencies, missing hex coloring features, etc. This project is based on the qhexedit2, capstone and keystone engines. New feature...
Google Chrome use-after-free vulnerability (CNVD-2022-12743)
Chrome is a simple and efficiently designed web browsing tool developed by Google. A use-after-free vulnerability exists in the loader in versions of Google Chrome prior to 96.0.4664.45. An attacker could use this vulnerability to potentially exploit heap corruption via a crafted HTML page...