9 matches found
Simulation in Cybersecurity: Understanding Techniques, Applications, and Goals
Modeling and simulation are widely used in cybersecurity research to assess cyber threats, evaluate defense mechanisms, and analyze vulnerabilities. However, the diversity of application areas, the variety of cyberattacks scenarios, and the differing objectives of these simulations makes it...
Design/Logic Flaw
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...
CVE-2024-25625 Pimcore Host Header Injection in user invitation link
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...
CVE-2024-25625 Pimcore Host Header Injection in user invitation link
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Impact This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain readthedocs.org/readthedocs.com by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...
Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...
Shopify: H1514 Stored XSS in Return Magic App portal content
Summary: Stored XSS vulnerability was found in return magic app portal content which executes in the application domain in https://services.alveo.io/dashboard-shopify/settings/portal/content Description: It's been found that Return Magic app allows users to add HTML content to their return portal...
Cross site scripting
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application...
MS16-101: Security update for Windows authentication methods: August 9, 2016
Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.Important This article contains information that shows you how to help lower security settings or how to turn off security features on a...