
14 matches found

Kaspersky
added 2026/05/19 12:0 a.m. · 8 views

KLA91063 SB vulnerability in Microsoft Browser

A security feature bypass vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service and bypass security restrictions. Original advisories: CVE-2026-45585. Exploitation: Public exploits exist for this vulnerability. Related products...

CVSS 6.8 · AI score 6 · EPSS 0.00113
Exploits: 2 · References: 6
OSV
added 2026/05/07 9:15 a.m. · 3 views

CLSA-2026-1778145319 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

CVSS 7.5 · AI score 5.8 · EPSS 0.01007
Exploits: 0 · References: 1
OSV
added 2026/04/30 11:30 a.m. · 2 views

CLSA-2026-1777548617 Fix CVE(s): CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open. - CVE-2026-4519 - CVE-2026-4786...

CVSS 7 · AI score 7.1 · EPSS 0.00021
Exploits: 0 · References: 1
OSV
added 2026/04/25 5:51 a.m. · 1 views

OESA-2026-2117 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 9.1 · AI score 5.5 · EPSS 0.00164
Exploits: 0 · References: 4
OSV
added 2026/04/25 5:51 a.m. · 4 views

OESA-2026-2116 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 9.1 · AI score 5.5 · EPSS 0.00164
Exploits: 0 · References: 4
CNNVD
added 2024/07/15 12:0 a.m. · 2 views

Trellix Secure Web Gateway Information Disclosure Vulnerability

Trellix Secure Web Gateway Trellix SWG is a security gateway from FireEye USA Trellix. An information disclosure vulnerability exists in Trellix Secure Web Gateway SWG version 12.x prior to 12.2.10 and version 11.x prior to 11.2.24, which stems from a browser bypassing the same-origin policy unde...

CVSS 5.3 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 2
ATTACKERKB
added 2023/07/20 6:15 p.m. · 0 views

CVE-2023-38335

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassin...

CVSS 5.3 · AI score 6 · EPSS 0.00114
Exploits: 1 · References: 5
OSV
added 2023/07/20 6:15 p.m. · 1 views

CVE-2023-38335

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassin...

CVSS 5.3 · AI score 5.7
Exploits: 0 · References: 4
Positive Technologies
added 2023/07/20 12:0 a.m. · 2 views

PT-2023-26369 · Omnis · Omnis Studio

Name of the Vulnerable Software and Affected Versions: Omnis Studio version 10.22.00 Description: The issue is related to incorrect access control in Omnis Studio. It has a feature to make Omnis libraries "always private", which is supposed to be an irreversible operation. However, due to...

CVSS 5.3 · AI score 6.8 · EPSS 0.00114
Exploits: 1 · References: 8
NVD
added 2022/12/22 8:15 p.m. · 13 views

CVE-2022-34478

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild although we know of none exploited through Thunderbird, so in this release...

CVSS 6.5 · EPSS 0.00148
Exploits: 1 · References: 4
Kitploit
added 2018/09/20 9:7 p.m. · 70 views

Singularity - A DNS Rebinding Attack Framework

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

AI score 7.7
Exploits: 0 · References: 5
Packet Storm
added 2017/08/23 12:0 a.m. · 109 views

WebClientPrint Processor 2.0.15.109 Unauthorized Proxy Modification

Advisory: WebClientPrint Processor 2.0: Unauthorised Proxy Modification RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor WCPP. This proxy setting may be distributed via specially crafted websites and...

AI score 0.6
Exploits: 0
Hacker One
added 2016/08/25 5:31 p.m. · 25 views

HackerOne: Session hijacking attack

Hi you have Session hijacking attack https://www.owasp.org/index.php/Sessionhijackingattack Yes, you use HttpOnly cookie , but in older browsers bypass such restrictions exist , that does not prevent in theory find this in the future . As you update the site on a daily basis and it is possible to...

AI score 0.4
Exploits: 0
seebug.org
added 2014/04/19 12:0 a.m. · 14 views

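Stored XSS in the latest version of ThinkSNS

Brief description: Insufficiently strict filtering leads to XSS; XSS was tested successfully on the latest version. Details: POC: Post in a Weiba with the content set to xss PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+ which is the base64 encoding of alertdocument.cookie firefox: Also attached is a bypass for IE: the code filters javascript:, but in IE the filter can be bypassed with a carriage return; the figure below shows the fragment that filters sensitive characters: The following statement can be used to bypass it; it cannot be written directly into the post body, otherwise it will be escaped, so the request must be sent with a tool such as burp: test Result: Proof of vulnerability: When a user views the post, the XSS is triggered...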

AI score 7.1
Exploits: 0