Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2021-63798)
Huawei HarmonyOS is an operating system from the Chinese company Huawei. It is a microkernel-based, fully distributed operating system. Huawei HarmonyOS has a security vulnerability that could be exploited by an attacker to cause a persistent DoS...
CVE-2021-22419
A component of HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent DoS...
CVE-2021-22419
HarmonyOS contains an Insufficient Verification of Data Authenticity vulnerability (CVE-2021-22419) that could allow local attackers to cause a persistent denial of service. The issue is described across multiple sources as a HarmonyOS component flaw leading to DoS, with local access required and...
Fortinet FortiSandbox Buffer Error Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet, a US-based company. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting, etc. The Fortinet FortiSandbox is vulnerable to a buff...
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. A...
CVE-2021-37470
In NCH WebDictate v2.13, persistent Cross-Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...
CVE-2021-37470
CVE-2021-37470: In NCH WebDictate v2.13, a persistent Cross-Site Scripting (XSS) flaw exists in the Recipient Name field. An authenticated user can modify this field to inject arbitrary JavaScript, enabling script execution associated with the user’s session. Documented references confirm the vu...
Cross-Site Scripting in Backend Grid View
Problem: Failing to properly encode settings for backend layouts, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Solution: Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the...
GHSA-6MH3-J5R5-2379 Cross-Site Scripting in Query Generator & Query View
Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.5). Problem: Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileg...
Cross-Site Scripting in Query Generator & Query View
Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.5). Problem: Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileg...
APT Hackers Distributed Android Trojan via Syrian e-Government Portal
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observ...
TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17986)
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. TYPO3 suffers from a cross-site scripting vulnerability that stems from the fact that the QueryGenerator and QueryView components are vulnerable to reflected and persistent cross-sit...
CVE-2021-32669 Cross-Site Scripting in Backend Grid View
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for backend layouts are not properly encoded, the corresponding grid view is vulnerable to...
Cross-Site Scripting in Query Generator & Query View
Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability...
PT-2021-3864 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.28; TYPO3 versions 10.0.0 through 10.4.17; TYPO3 versions 11.0.0 through 11.3.0. Description: The issue is related to the implementation of the Page TSconfig configuration in the TYPO3 content management system,...
Cross-Site Scripting in Page Preview
Failing to properly encode Page TSconfig settings, the corresponding page preview module WebView is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...
Unspecified Vulnerability in Fortinet FortiSandbox
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, and a real-time control panel and reporting. Fortinet FortiSandbox suffers from a security vulnerability that stems from th...
Judge.me : HTML INJECTION (STORED)
Vulnerability description not provided...
Infographic: Bad Bot Sophistication Levels
All bad bots interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform ...
CVE-2020-22167
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...