43 matches found
MAL-2026-3685 Malicious code in always-updates (PyPI)
Source: amazon-inspector dee16a964c16035579f7be2f965a801f87876080603f389e1e75ec3073bd5c2c. The package's sole advertised CLI, aupd, registered as a console_scripts entry point to alwaysupdates.main:main, executes...
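In the entry above the registered console script is the whole execution vector: whatever module the console_scripts target resolves to runs as soon as a user types the command. The following Python is an added example (not code from the advisory, from Amazon Inspector, or from the package) of the pre-install check a practitioner would make: read entry_points.txt and top_level.txt out of a wheel's .dist-info directory, list every registered console script with its target, and flag targets that resolve outside the package's own declared top-level modules. The wheel is built in memory for a hypothetical package named demo_tool; every file in it is invented.

```python
import configparser
import io
import zipfile


def build_sample_wheel():
    """Constructed in-memory wheel for the hypothetical package 'demo_tool'.
    The layout mirrors what a build backend produces; all contents are invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_tool/__init__.py", "")
        zf.writestr("demo_tool/cli.py", "def main():\n    print('demo')\n")
        zf.writestr("demo_tool-1.0.dist-info/top_level.txt", "demo_tool\n")
        zf.writestr(
            "demo_tool-1.0.dist-info/entry_points.txt",
            "[console_scripts]\n"
            "demo = demo_tool.cli:main\n"
            "upd = helper_boot.main:run [extra]\n"  # target lives outside the package
            "[gui_scripts]\n"
            "demo-gui = demo_tool.gui:main\n",
        )
    return buf.getvalue()


def read_dist_info(wheel_bytes, filename):
    """Return the text of <dist>.dist-info/<filename> inside the wheel, or ''."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for member in zf.namelist():
            head, _, tail = member.partition("/")
            if head.endswith(".dist-info") and tail == filename:
                return zf.read(member).decode("utf-8")
    return ""


def parse_scripts(entry_points_text, section="console_scripts"):
    """Parse one [section] of entry_points.txt into {name: (module, attr)}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # entry point names are case-sensitive
    cp.read_string(entry_points_text)
    scripts = {}
    if cp.has_section(section):
        for name, target in cp.items(section):
            target = target.split("[", 1)[0].strip()  # drop optional [extras]
            module, _, attr = target.partition(":")
            scripts[name] = (module.strip(), attr.strip())
    return scripts


def audit_wheel(wheel_bytes):
    """List registered console scripts and flag any whose target module is not
    rooted in one of the package's declared top-level modules."""
    top_level = {
        line.strip()
        for line in read_dist_info(wheel_bytes, "top_level.txt").splitlines()
        if line.strip()
    }
    scripts = parse_scripts(read_dist_info(wheel_bytes, "entry_points.txt"))
    findings = []
    for name, (module, attr) in sorted(scripts.items()):
        root = module.split(".", 1)[0]
        foreign = bool(top_level) and root not in top_level
        findings.append({"script": name, "target": f"{module}:{attr}", "foreign": foreign})
    return findings


if __name__ == "__main__":
    for finding in audit_wheel(build_sample_wheel()):
        flag = "  <-- target outside package" if finding["foreign"] else ""
        print(f"{finding['script']:10} -> {finding['target']}{flag}")
```

The "foreign" flag is a heuristic, not proof of malice; a script that points into a sibling distribution is unusual enough to warrant reading the target module before installing, and the listing itself tells you which command names the package will put on your PATH.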
CVE-2025-45879
CVE-2025-45879 describes a cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6. The issue allows an attacker to inject arbitrary HTML that executes in a user's browser via a crafted payload. The available metrics indicate a CVSS v3.1 base score of 6.1 (Medium)...
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting (XSS) Google Dork: N/A Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://code-projects.org Software Link:...
Cross site scripting
A cross-site scripting (XSS) vulnerability in PKP OJS v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...
BIT-LIFERAY-2023-44310
Stored cross-site scripting (XSS) vulnerability in the Page Tree menu in Liferay Portal 7.3.6 through 7.4.3.78, Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a page's "Name" text...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management, and multi-site management. A...
Sudoedit Extra Arguments Priv Esc
This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit feature (aka sudo -e) mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of...
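The sudoedit flaw above is CVE-2023-22809, which the sudo project's advisory scopes to sudo 1.8.0 through 1.9.12p1 (fixed in 1.9.12p2). The mechanism, as the advisory describes it, is that sudoedit splits the editor variable on whitespace and hands the words to the editor, placing "--" before the files to be edited; a user-supplied "--" inside the variable therefore makes every following word part of the file list, and the fix rejects such a "--". The Python below is an added example, not the Metasploit module's code or sudo's, that a defender can run in an audit: it classifies a sudo version string, models what an attacker-controlled EDITOR value would append to the file list, and checks a sudoers text for the advisory's env_delete workaround. The sudoers fragment and environment in the main block are constructed.

```python
import re

# Affected range per the sudo advisory for CVE-2023-22809: 1.8.0 through
# 1.9.12p1; fixed in 1.9.12p2. Versions compare as (major, minor, patch, p).
AFFECTED_FROM = (1, 8, 0, 0)
FIXED_IN = (1, 9, 12, 2)

EDITOR_VARS = ("SUDO_EDITOR", "VISUAL", "EDITOR")


def parse_sudo_version(text):
    """'1.9.12p1' -> (1, 9, 12, 1); a missing pN suffix counts as p0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {text!r}")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def version_affected(text):
    return AFFECTED_FROM <= parse_sudo_version(text) < FIXED_IN


def files_appended_by_editor(editor_value):
    """Model of the pre-fix behaviour: the words after a user-supplied '--'
    in the editor variable end up on sudoedit's list of files to edit."""
    words = editor_value.split()
    if "--" not in words:
        return []
    return words[words.index("--") + 1:]


def sudoers_mitigated(sudoers_text):
    """True if sudoers strips all three editor variables for sudoedit, i.e. it
    carries the advisory's workaround line:
        Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"
    """
    pattern = re.compile(r'Defaults!sudoedit\s+env_delete\+?=\s*"?([^"]*)"?')
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = pattern.match(line)
        if m and set(EDITOR_VARS) <= set(m.group(1).split()):
            return True
    return False


def assess(sudo_version, environ, sudoers_text):
    """Combine the three checks into one verdict for a host."""
    appended = {v: files_appended_by_editor(environ.get(v, "")) for v in EDITOR_VARS}
    return {
        "version_affected": version_affected(sudo_version),
        "sudoers_mitigated": sudoers_mitigated(sudoers_text),
        "files_appended": {k: v for k, v in appended.items() if v},
    }


if __name__ == "__main__":
    # Constructed inputs: an affected version, an attacker-chosen EDITOR, and a
    # sudoers that grants sudoedit on one file but has no env_delete workaround.
    env = {"EDITOR": "vim -- /etc/shadow"}
    sudoers = "alice ALL=(ALL) sudoedit /etc/motd\n"
    print(assess("1.9.12p1", env, sudoers))
```

On a live host the inputs come from `sudo -V`, the invoking user's environment and `/etc/sudoers` (plus `sudoers.d`); the workaround check only recognises the `Defaults!sudoedit` form, so a Cmnd_Alias-based variant would need its own pattern.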
CVE-2021-30071
A cross-site scripting (XSS) vulnerability in /admin/listkey.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Microsoft Windows SMB Direct Session Takeover Exploit
This Metasploit module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. T...
Microsoft Windows SMB Direct Session Takeover
This module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. To exploit...
Cross-site Scripting (XSS) - Stored in admidio/admidio
Description: Hi, by continuing to look at the project I was able to find a new stored XSS. Although it seems to be filtered in some parts of the site, when sending a photo as a greeting card it is possible to include an arbitrary payload in the text field, leading to a stored XSS. From OWASP:...
GHSA-XGPF-P52J-PF7M XSS in CreateQueuedJobTask
A vulnerability has been identified in the Silverstripe CMS 3 and 4 versions of the symbiote/silverstripe-queuedjobs module. A cross-site scripting (XSS) vulnerability allows an attacker to inject an arbitrary payload into the CreateQueuedJobTask dev task via a specially crafted URL...
Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser by storing a malicious payload in the ID number user profile field...
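The stored XSS entries above (Amigdala, the Hospital Management System, OJS, Liferay, HestiaCP, Admidio, queuedjobs, Moodle) share one root cause: a stored field is written into markup without encoding for the context it lands in. The Python below is an added example, not code from any of those projects (most of which are PHP or Java; the point is language-independent), showing the vulnerable concatenation beside the hardened rendering and a small parser-based oracle that tells the two apart. The two payloads and the profile template are constructed; the "ID number" field name echoes the Moodle entry but the template is hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed payloads of the kind the stored-XSS advisories above describe:
# one that opens a new element in text context, one that first closes an attribute.
PAYLOADS = [
    "<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
]


def render_profile_unsafe(display_name, id_number):
    """Vulnerable pattern: stored user data concatenated straight into markup."""
    return (f"<h1>{display_name}</h1>"
            f'<input name="idnumber" value="{id_number}">')


def render_profile_safe(display_name, id_number):
    """Hardened: encode each value for the context it lands in. html.escape
    with quote=True covers text content and double-quoted attribute values;
    the attribute must also actually be quoted in the template for that to hold."""
    return (f"<h1>{html.escape(display_name)}</h1>"
            f'<input name="idnumber" value="{html.escape(id_number, quote=True)}">')


class MarkupProbe(HTMLParser):
    """Records start tags and counts inline on* event-handler attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = 0

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += sum(1 for name, _ in attrs if name.lower().startswith("on"))


def analyse(markup):
    """Return (list of start tags, number of inline event handlers) in markup."""
    probe = MarkupProbe()
    probe.feed(markup)
    probe.close()
    return probe.tags, probe.handlers


def injects_markup(render, display_name, id_number):
    """True if this input changes the tag structure or adds an event handler
    relative to a benign rendering of the same template."""
    base_tags, base_handlers = analyse(render("benign", "benign"))
    tags, handlers = analyse(render(display_name, id_number))
    return tags != base_tags or handlers > base_handlers


if __name__ == "__main__":
    for payload in PAYLOADS:
        for field in ("display_name", "id_number"):
            args = (payload, "1") if field == "display_name" else ("u", payload)
            print(f"{field:13} unsafe={injects_markup(render_profile_unsafe, *args)!s:5} "
                  f"safe={injects_markup(render_profile_safe, *args)}")
```

The oracle is deliberately structural: it does not try to execute anything, it only asks whether user input was able to add elements or on* attributes to the document, which is the property output encoding must guarantee. A value placed inside a JavaScript block or a URL attribute needs a different encoder than html.escape; the same probe would still catch a break-out there, but the fix would not.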
Persistence – Modify Existing Service
It is not uncommon for APT groups to modify an existing service on the compromised host in order to execute an arbitrary payload when the…
Denial Of Service (DoS)
subtext is vulnerable to denial of service. The maxBytes configuration is not enforced for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may exhaust system resources leading to an application crash...
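The subtext entry describes a limit that is checked in one place (the declared size) and bypassed by a body encoding that never declares one. The Python below is an added example and not subtext's code (subtext is a Node.js library; Python is used here as the page's example language): it shows the weak pattern, a size check applied to Content-Length only, next to a streaming chunked decoder that enforces the cap on the running decoded total, so an oversized chunked body is rejected before it is stored. The request handler, the 40-byte body and the 32-byte limit are constructed.

```python
import io


class PayloadTooLarge(Exception):
    pass


def accepted_by_header_check(headers, max_bytes):
    """The weak pattern in miniature: the limit is applied to Content-Length
    only, so a chunked request (which carries no Content-Length) is accepted
    no matter how much data follows."""
    length = headers.get("content-length")
    if length is None:
        return True
    return int(length) <= max_bytes


def read_chunked_body(stream, max_bytes):
    """Decode an HTTP/1.1 chunked body from a binary stream, enforcing max_bytes
    on the running decoded total so the limit applies before data is kept."""
    total = 0
    out = bytearray()
    while True:
        size_line = stream.readline()
        if not size_line:
            raise ValueError("truncated chunked body")
        size = int(size_line.split(b";", 1)[0].strip(), 16)  # ignore chunk extensions
        if size == 0:
            while stream.readline() not in (b"\r\n", b"\n", b""):
                pass  # skip optional trailer fields
            return bytes(out)
        total += size
        if total > max_bytes:
            raise PayloadTooLarge(f"decoded body would exceed {max_bytes} bytes")
        chunk = stream.read(size)
        if len(chunk) != size:
            raise ValueError("truncated chunk")
        out += chunk
        if stream.readline() not in (b"\r\n", b"\n"):
            raise ValueError("missing CRLF after chunk data")


def encode_chunked(data, chunk_size):
    """Build a chunked body; used here only to construct sample input."""
    parts = []
    for i in range(0, len(data), chunk_size):
        piece = data[i:i + chunk_size]
        parts.append(f"{len(piece):x}\r\n".encode() + piece + b"\r\n")
    parts.append(b"0\r\n\r\n")
    return b"".join(parts)


def handle_upload(headers, body_bytes, max_bytes):
    """Constructed request handler. Returns ('ok', body) or ('rejected', reason).
    Chunked bodies go through the streaming reader; identity bodies are bounded
    by Content-Length and by their actual length."""
    if headers.get("transfer-encoding", "").lower() == "chunked":
        try:
            return "ok", read_chunked_body(io.BytesIO(body_bytes), max_bytes)
        except PayloadTooLarge as exc:
            return "rejected", str(exc)
    if not accepted_by_header_check(headers, max_bytes) or len(body_bytes) > max_bytes:
        return "rejected", f"body exceeds {max_bytes} bytes"
    return "ok", body_bytes


if __name__ == "__main__":
    body = encode_chunked(b"A" * 40, 16)
    print("header check alone accepts chunked:", accepted_by_header_check({"transfer-encoding": "chunked"}, 32))
    print("streaming reader, limit 32:", handle_upload({"transfer-encoding": "chunked"}, body, 32))
    print("streaming reader, limit 64:", handle_upload({"transfer-encoding": "chunked"}, body, 64)[0])
```

The check fires on the declared size of the next chunk, before that chunk is read, so a client cannot make the server buffer or write the excess first; the same "count while decoding" approach applies to multipart and compressed bodies, which likewise decouple bytes on the wire from bytes stored.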
Shopware createInstanceFromNamedArguments PHP Object Instantiation
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: "Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE". Description: This module exploits a PHP object instantiation...
WebExec Authenticated User Code Execution Exploit
This Metasploit module uses a valid username and password of any level, or a password hash, to execute an arbitrary payload. It is similar to the "psexec" module, except that it allows any non-guest account by default. This module requires Metasploit: https://metasploit.com/download Curre...
Polycom Shell HDX Series Traceroute Command Execution
Within the Polycom command shell, a command execution flaw exists in lan traceroute, one of the dev commands, which allows an attacker to execute arbitrary payloads with telnet or openssl. This module requires Metasploit: https://metasploit.com/download Current source:...