XWiki Commons 跨站脚本漏洞

XWiki Commons is a technology library shared by several other top XWiki projects of the French XWiki Foundation. A cross-site scripting vulnerability exists in XWiki Commons. An attacker can exploit this vulnerability to inject arbitrary HTML code...

ProjeQtOr Project Management System 10.3.2 - Remote Code Execution Vulnerability

Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...

Phishing: The Oldest and Wisest Attack Vector

...

CVE-2023-28140

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

CVE-2023-28140

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

Design/Logic Flaw

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

Design/Logic Flaw

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized...

CVE-2023-28141 NTFS Junction

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized...

CVE-2023-28141

The CVE-2023-28141 issue affects Qualys Cloud Agent for Windows prior to version 4.8.0.31 and is caused by an NTFS Junction condition. An attacker with local access can write files to arbitrary locations, potentially escalating to the privileges of the agent process and modifying or deleting sens...

CVE-2023-28140 Executable Hijacking

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

CVE-2023-28140 Executable Hijacking

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

Design/Logic Flaw

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

WordPress Plugin ProfilePress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

redis-py 安全漏洞

redis-py is a Python based redis interface library. A security vulnerability exists in redis-py versions prior to 4.5.4 and 4.5.x versions prior to 4.5.4. An attacker exploited the vulnerability to send response data to an unrelated requesting client...

Wrong Implementation of EIP-712

Lines of code Vulnerability details Impact The EIP-712 uses several parameters. Those parameters are exactly: EIP712Domain string name; string version; uint256 chainId; address verifyingContract; As you can see on the following Domain, ZkSync, is missing one parameter: bytes32 constant...

GHSA-9C6G-QPGJ-RVXW Streamlit publishes previously-patched Cross-site Scripting vulnerability

Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...

Adobe Dimension 缓冲区错误漏洞

Adobe Dimension is a set of 2D and 3D composite design tools from the American company Audobee Adobe. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

Adobe Dimension 缓冲区错误漏洞

Adobe Dimension is a set of 2D and 3D composite design tools from the American company Audobee Adobe. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...