CVE-2018-25036

Thomson TCW710 ST5D.10.05 is affected by CVE-2018-25036 due to an unknown-functionality issue in /goform/RgTime. The vulnerability enables persistent cross-site scripting (XSS) via crafted POST input on TimeServer1/TimeServer2/TimeServer3 (e.g., >). The attack can be launched remotely and the ...

CVE-2018-25035 Thomson TCW710 RGFirewallEL Persistent cross site scriting

A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input alert1 as part of POST Request leads to cross site scripting...

CVE-2018-25034 Thomson TCW710 wlanPrimaryNetwork Persistent cross site scripting

A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input alert1 as part of POST Request leads to basic...

Cross site scripting

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...

CVE-2017-20036 PHPList Bounce Rule Persistent cross site scriting

A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version...

CVE-2017-20035 PHPList Subscribe Persistent cross site scriting

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...

CVE-2017-20035 PHPList Subscribe Persistent cross site scriting

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...

CVE-2017-20034 PHPList List Name Persistent cross site scriting

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...

CVE-2017-20034 PHPList List Name Persistent cross site scriting

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...

Malicious code in @manomano-toolbox/catalog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 710708eb64cdd24b39815c91bcdceb54510a8c06f3576ad492d96dd0eb259413 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ecobeeesss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2ab9adb1a15eca97b37b0e75f6aa97b7592e2224418c1f284234b428b7f2655 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in d2l-rubric (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 551223fd7a2d9e356d5db1df39fab3d2dfe82a4c86215c43bdfea16345cb42d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Buffer overflow

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...

CVE-2022-31479 Remote Code Execution via command injection of the hostname

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...

Growling Bears Make Thunderous Noise

Growling Bears Make Thunderous Noise By Trellix · June 6, 2022 Per public attribution, Russian cybercriminal groups have always been active. Their tactics, techniques, and procedures TTPs have not significantly evolved over time, although some changes have been observed. Lately, the threat...

Malicious code in lexical-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af686331feed45b8818ceff08372677fb1f0f5531b48057d994aa8d3e871fc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Product Show Room Site 1.0 Cross Site Scripting

Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Author: [email protected] inc Vendor Homepage:...

Malicious code in react-devtools-release-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ea7f251efb5b52e9221271c637b06b4d48a22a5c0e762a8723498050b5adf80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ceye-test-0001 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e6c92b162c66b57e82aeff6cb8f48d5f03b4aa264ae009c99139ad5261e520e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...