CVE-2014-125055 agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy
A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to an observable timing discrepancy. The complexity of an attack is rather high. The exploitability is reported to be difficult...
Out-of-bounds
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...
The Dangers of macOS Ransomware A Closer Look at KeRanger, FileCoder, MacRansom, and EvilQuest
Attack Report. Summary: macOS ransomware typically spreads through user-assisted methods such as downloading and running fake or trojanized applications. It can also arrive as a second-stage payload dropped or downloaded by oth...
session fixation
Description: A session fixation attack allows an attacker to hijack a legitimate user's session. The attack exploits a flaw in how a susceptible web application handles the session ID. Proof of Concept...
News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC: Exploit shortcode: bdpmasonry grid='1" onmouseover="alert(1)" style="background:red;"'...
WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC: Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert(1)"'...
EulerOS Virtualization 3.0.2.6 : postgresql (EulerOS-SA-2023-1081)
According to the versions of the postgresql package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24...
GHSA-PJX4-3F3P-29V3 django-ucamlookup Cross-site Scripting vulnerability
A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross-site scripting. The attack can be launched remotely. Upgrading ...
CVE-2023-22457 org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to version 1.64.3, the CKEditor.HTMLConverter document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with...
FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
The plugin does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. PoC: Make a logged-in admin open a page containing the HTML code below...
FL3R FeelBox <= 8.1 - Moods Reset via CSRF
The plugin does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform this action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables. PoC: Make a logged-in admin open a page containing the HTML code below...
WordPress plugin LetsRecover SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin that extends the platform. A SQL injection vulnerabili...
TRENDnet TEW-755AP stack overflow vulnerability (CNVD-2023-18939)
The TRENDnet TEW-755AP is a router from TRENDnet. A stack overflow vulnerability exists in TRENDnet TEW-755AP version 1.13B01. It stems from a lack of size checking of the input data in the comeo.comeo.nslookuptarget parameter of the toolsnslookup function, which can be exploited by an attacker to...
CVE-2022-43532
The CVE-2022-43532 issue affects the Aruba ClearPass Policy Manager web-based management interface. A stored XSS vulnerability exists for authenticated users, enabling an attacker to inject script into the admin's browser. Affected versions: ClearPass Policy Manager 6.10.x ≤ 6.10.7 and 6.9.x ≤ 6.9.12. ...
CVE-2022-43524
Summary (CVE-2022-43524): Aruba EdgeConnect Enterprise Orchestrator web UI vulnerable to stored XSS via authenticated access. Affects: Orchestrator on-premises/Service/SP/Global Tenant; versions 9.2.1.40179 and below, 9.1.4.40436 and below, 9.0.7.40110 and below, 8.10.23.40015 and below. Cause: s...
Design/Logic Flaw
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
httparty has multipart/form-data request tampering vulnerability
Impact: I found a "multipart/form-data request tampering vulnerability" caused by a lack of escaping of the Content-Disposition "filename" in httparty. httparty/lib/httparty/request/body.rb, def generate_multipart...
Malicious PyTorch dependency 'torchtriton' on PyPI: everything you need to know
The developers of PyTorch, a popular machine-learning framework, recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys...
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scripting (XSS) attacks. An attacker is able to inject and execute malicious JavaScript via the create post functionality...