
1460 matches found

CNVD
added 2022/10/12 12:0 a.m., 16 views

WordPress Cryptocurrency Pricing list and Ticker Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Cryptocurrency Pricing list and Ticker 1.5 and earlier versions have a cross-site scripting vulnerabilit...

6.1 CVSS, 1.9 AI score, 0.0021 EPSS
Exploits: 1, References: 1
CNNVD
added 2022/09/28 12:0 a.m., 2 views

Heimavista Rpage Cross-Site Scripting Vulnerability

Heimavista Rpage is a content management system from the Chinese company Heimavista. A cross-site scripting vulnerability exists in versions of Heimavista Rpage prior to v5.4.103, which stems from insufficient filtering of the platform's web URLs that allows an unauthenticated, remote attacker to...

6.1 CVSS, 6 AI score, 0.00595 EPSS
Exploits: 0, References: 2
Schneier on Security
added 2022/09/23 11:43 a.m., 15 views

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Okay, it's an obscure threat. But people are researching it: "Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam." That corresponds to 2...

Exploits: 0
Cvelist
added 2022/09/14 8:25 p.m., 13 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

6.3 AI score, 0.00288 EPSS
Exploits: 1, References: 2
CVE
added 2022/09/14 8:25 p.m., 72 views

CVE-2022-37724

The CVE-2022-37724 issue affects Project Wonder WebObjects, with vulnerable components in WebObjects adapters exposing Arbitrary HTTP Header injection and URL- or Header-based XSS reflection. Public records reference affected versions as 1.0 through 5.4.3 (and related advisories extend to 7.3 in ...

6.1 CVSS, 6.1 AI score, 0.00288 EPSS
Exploits: 1, References: 2, Affected Software: 1
UbuntuCve
added 2022/09/14 11:15 a.m., 30 views

CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...

6.1 CVSS, 6.4 AI score, 0.01866 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2022/09/14 12:0 a.m., 4 views

PT-2022-24050 · Unknown · Project Wonder Webobjects

Name of the Vulnerable Software and Affected Versions: Project Wonder WebObjects versions 1.0 through 7.3. Description: The issue concerns Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available...

6.1 CVSS, 6.1 AI score, 0.00288 EPSS
Exploits: 1, References: 7
Trend Micro Simply Security
added 2022/09/08 12:0 a.m., 11 views

Biden Cybersecurity Executive Order: Ex-USSS Reflects

Ed Cabrera, former CISO of the US Secret Service and current Chief Cybersecurity Officer for Trend Micro, reflects on the effectiveness of Biden’s executive order and what organizations of all sizes can learn from it...

3.8 AI score
Exploits: 0
Tenable Nessus
added 2022/08/31 12:0 a.m., 30 views

Debian dla-3090 : php-horde-turba - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3090 advisory. Debian LTS Advisory DLA-3090-1 https://www.debian.org/lts/security/...

8 CVSS, 8 AI score, 0.18589 EPSS
Exploits: 1, References: 4
Schneier on Security
added 2022/08/18 11:45 a.m., 25 views

USB “Rubber Ducky” Attack Tool

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user's login credentials or causing Chrome to send all saved passwords to an attacker's webserver. But these attacks had to ...

0.7 AI score
Exploits: 0
Trellix
added 2022/08/11 12:0 a.m., 13 views

DotDumper: Automatically Unpacking DotNet based Malware

By Max Kersten · August 11, 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why the...

7.1 AI score
Exploits: 0
OpenVAS
added 2022/08/03 12:0 a.m., 19 views

Horde Groupware Webmail <= 5.2.22 RCE Vulnerability (May 2022)

Horde Groupware Webmail is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

8 CVSS, 8 AI score, 0.18589 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2022/08/01 2:19 p.m., 2 views

Mozilla: Directory indexes for bundled resources reflected URL parameters

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for chrome:// URLs as source text, some parameters were reflected...

5.3 CVSS, 7.2 AI score, 0.00207 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2022/08/01 12:2 p.m., 3 views

Mozilla: Directory indexes for bundled resources reflected URL parameters

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for chrome:// URLs as source text, some parameters were reflected...

5.3 CVSS, 7.2 AI score, 0.00207 EPSS
Exploits: 0, References: 5
OpenVAS
added 2022/07/31 12:0 a.m., 9 views

Fedora: Security Advisory for golang-github-burntsushi-toml (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2022/07/30 2:0 a.m., 13 views

[SECURITY] Fedora 36 Update: golang-github-pquerna-ffjson-0-0.10.20200730gitaa0246c.fc36

Ffjson generates static MarshalJSON and UnmarshalJSON functions for structures in Go. The generated functions reduce the reliance upon runtime reflection to do serialization and are generally 2 to 3 times faster. In cases where ffjson doesn't understand a Type involved, it falls back to...

7.4 AI score
Exploits: 0
NVD
added 2022/07/28 10:15 p.m., 15 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8 CVSS, 0.18589 EPSS
Exploits: 1, References: 4
OSV
added 2022/07/28 10:15 p.m., 24 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8 CVSS, 7.2 AI score
Exploits: 0, References: 4
OSV
added 2022/07/28 10:15 p.m., 1 views

DEBIAN-CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8 CVSS, 8.4 AI score, 0.18589 EPSS
Exploits: 1, References: 1
OSV
added 2022/07/28 10:15 p.m., 0 views

UBUNTU-CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8 CVSS, 5.9 AI score, 0.18589 EPSS
Exploits: 1, References: 3