19 matches found
curl: runs JavaScript on PowerShell when it shouldn't
On Windows, if I run a curl on PowerShell for a script that should show alert1 it just executes the script when it shouldn't. I did not use AI to find or report this bug. Affected version on CMD I ran curl --version curl 8.16.0 Windows libcurl/8.16.0 Schannel zlib/1.3.1 WinIDN on PowerShell it...
EUVD-2022-52545
Malicious code in bioql PyPI...
CVE-2022-30715
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window...
CVE-2022-30715
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window...
Improper access control
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window...
CVE-2022-30715
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window...
PT-2022-20252 · Dofviewer · Dofviewer
Name of the Vulnerable Software and Affected Versions: DofViewer versions prior to SMR Jun-2022 Release 1. Description: The issue is related to improper access control in DofViewer, allowing attackers to control the floating system alert window. Recommendations: For versions prior to SMR Jun-2022...
Cross-site Scripting (XSS) - DOM in apexcharts/apexcharts.js
Description: Last version of Apexcharts.js is vulnerable to Cross-Site Scripting (XSS). Proof of Concept: Simply try one of the examples provided in samples/vanilla-js/scatter/scatter-images.html in this way: javascript var options = series: name: 'Messenger', data: 16.4, 5.4, ..... , name:...
CVE-2019-3588
Privilege Escalation vulnerability in Microsoft Windows client McTray.exe in McAfee VirusScan Enterprise VSE 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked...
CVE-2019-3585
Privilege Escalation vulnerability in Microsoft Windows client McTray.exe in McAfee VirusScan Enterprise VSE 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges...
CVE-2019-3588
CVE-2019-3588 affects McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14. The issue is a privilege escalation in the Windows client (McTray.exe) that allows unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. Impact ...
CVE-2019-3585
CVE-2019-3585 affects McAfee VirusScan Enterprise (VSE) 8.8 before Patch 14. The issue is a Privilege Escalation in the Microsoft Windows client (McTray.exe) where local attackers can interact with the On-Access Scan Messages – Threat Alert Window with elevated privileges by running McAfee Tray w...
CVE-2019-3585 VSE Escalation of Privileges through Alert pop-up window
Privilege Escalation vulnerability in Microsoft Windows client McTray.exe in McAfee VirusScan Enterprise VSE 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges...
jQuery <= 3.5 html() Cross Site Scripting Exploit
Exploit for jsp platform in category web applications. jquery-xss-in-html: jQuery 3.5 Cross-Site Scripting (XSS) in html. Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting (XSS) vulnerability found in jQuery's HTML parser. The Snyk open source security...
Phraseanet 4.0.7 - Cross-Site Scripting
Phraseanet 4.0.7 - Cross-Site Scripting; Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software; Date: 10/10/2018; Exploit Author: Krzysztof Szulski; Vendor Homepage: https://www.phraseanet.com ; Software Link (also VM): https://www.phraseanet.com/en/download/ ; Version affected:...
CVE-2017-15714
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "format=%27;alert%27xss%27" to the URL an alert window would execute...
Android Overlay and Accessibility Features Leave Millions at Risk
University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone. The discovery was made by researchers at Georgia Institute of Technology, who call the researc...
Android Permissions Flaw Will Linger Until O Release
Google said Tuesday that a permissions flaw that puts Android users at a heightened risk for malware, ransomware and adware attacks will not be fixed until the release of its next mobile OS, Android O. The vulnerability impacts an undisclosed number of apps hosted on Google Play, researchers at...
Blojsom 2.31 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20026/info Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the browser of...