19 matches found
EUVD-2024-26227
Malicious code in bioql PyPI...
EUVD-2024-26226
Malicious code in bioql PyPI...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...
CVE-2024-29210
A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...
CVE-2024-29210
A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...
CVE-2024-29210
A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29210
A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29209
The CVE-2024-29209/29210 family concerns Phish Alert Button (PAB) for Outlook and related KnowBe4 clients. Technical details across connected records show: attack via update mechanism (CVE-2024-29209) where the client fails to validate the update server’s TLS/SSL and ignores digital signatures, e...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...
CVE-2024-29210
CVE-2024-29210 describes a local privilege escalation in Phish Alert Button for Outlook (PAB) caused by insecure permissions on the configuration file (update server URL). An unprivileged local user can modify the configuration to point updates to a malicious server, enabling LPE in conjunction w...
Knowbe4 Phish Alert Button 安全漏洞
Knowbe4 Phish Alert Button is an application from Knowbe4, Inc. A security vulnerability exists in Knowbe4 Phish Alert Button, which stems from insufficient domain authentication and could lead to remote code execution by Outlook PAB via DNS spoofing...
PT-2024-22812 · Unknown · Phish Alert Button For Outlook
Name of the Vulnerable Software and Affected Versions: Phish Alert Button for Outlook affected versions not specified Description: A local privilege escalation issue has been identified in the configuration management functionalities of Phish Alert Button for Outlook. Recommendations: At the...
Knowbe4 Phish Alert Button 安全漏洞
Knowbe4 Phish Alert Button is an application from Knowbe4 Inc. A security vulnerability exists in Knowbe4 Phish Alert Button that stems from the ability to perform local elevation of privilege by modifying configuration files...
SuperCali 1.1.0 Cross Site Scripting
Exploit Title: SuperCali Version : 1.1.0 - Reflected XSS Date: 2024-23-02 Exploit Author: tmrswrr Vendor Homepage: https://supercali.inforest.com Version : 1.1.0 Tested on: https://softaculous.com/demos/supercali 1 Go to admin login url : https://127.0.0.1/SuperCali/login.php 2 Write your payload...
Dotclear 2.29 Cross Site Scripting Vulnerability
Exploit Title: Dotclear Version : 2.29 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://dotclear.org/ Version : 2.29 Tested on: https://softaculous.com/demos/dotclear 1 Enter admin panel after write search button this payload : " 2...
iGalerie 3.0.22 Cross Site Scripting
Exploit Title: iGalerie Version: 3.0.22 - Reflected XSS Date: 2024-7-1 Exploit Author: tmrswrr Vendor Homepage: https://www.igalerie.org/ Version: 3.0.22 Tested on: https://softaculous.com/demos/iGalerie 1 Go to home page and click edit https://127.0.0.1/iGalerie/ Titre : "sVg/onLy=1...
iGalerie 3.0.22 Cross Site Scripting Vulnerability
Exploit Title: iGalerie Version: 3.0.22 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://www.igalerie.org/ Version: 3.0.22 Tested on: https://softaculous.com/demos/iGalerie 1 Go to home page and click edit https://127.0.0.1/iGalerie/ Titre : "sVg/onLy=1 onLoaD=confirm1// 2 Write i...