EUVD-2022-0185

Malicious code in bioql PyPI...

WordPress plugin Ask Me Anything 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

Authentication flaw

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

kernel: possible to use the debugger to write zero into a location of choice

A flaw was found in the kernel/debug/debugcore.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously...

Design/Logic Flaw

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure...

CVE-2021-24452 W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...

Anonymously accessible Dashboards can leak private information via configured gadgets - CVE-2020-36287

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. Affected...

Anonymously accessible Dashboards can leak private information via configured gadgets - CVE-2020-36287

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. Affected...