Lucene search

11 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-1186

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.00167
Exploits: 0 | References: 4
Packet Storm News
added 2025/07/11 12:0 a.m. | 2 views

Favicon Trojans: Executable Steganography Via Ico Alpha Channel Exploitation

This paper presents a novel method of executable steganography using the alpha transparency layer of ICO image files to embed and deliver self-decompressing JavaScript payloads within web browsers. By targeting the least significant bit (LSB) of non-transparent alpha layer image values, the propose...

AI score 7.4
Exploits: 0
CVE
added 2024/04/30 10:25 p.m. | 46 views

CVE-2024-32970

CVE-2024-32970 affects the Phlex Ruby framework. The XSS vulnerability arises from how user-provided input is rendered into HTML attributes (e.g., href or dynamic attribute names/values), allowing JavaScript execution in some contexts. Vulnerable details and remediation are documented across mult...

CVSS 7.1 | AI score 6.5 | EPSS 0.00283
Exploits: 0 | References: 6
NVD
added 2024/04/12 9:15 p.m. | 11 views

CVE-2024-32003

wn-dusk-plugin Dusk plugin is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment such as headless Chrome to act as a user in the Backend or User plugin without having ...

CVSS 8.8 | AI score 8.9 | EPSS 0.00167
Exploits: 0 | References: 2
Huntr
added 2021/10/14 3:25 p.m. | 4 views

Cross-Site Request Forgery (CSRF) in pkp/omp

✍️ Description Attacker or malicious user is able to delete any user profile photo if a logged-in user visits attacker website, because of lack of CSRF token. 🕵️‍♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser 2. You can check unintentionally your profile photo deleted...

AI score 1.1
Exploits: 0
Hacker One
added 2021/01/31 11:18 a.m. | 10 views

MTN Group: RXSS - http://macademy.mtnonline.com

The page located at http://macademy.mtnonline.com suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability that occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject malicious JavaScript that...

AI score 0.4
Exploits: 0
Hacker One
added 2020/12/22 4:6 a.m. | 13 views

Acronis: Stored XSS in Acronis Cyber Protect Console

Dear Acronis Security Team, Summary There is a possibility of storing an XSS on the https://mc-beta-cloud.acronis.com/ui/ console. Steps To Reproduce add details for how we can reproduce the issue 1. Login to the console with the given account 2. Go to "Protection" under "PLANS" 3. Click on "Crea...

AI score 6.4
Exploits: 0
Kitploit
added 2013/12/17 1:39 a.m. | 17 views

[Sahi] Web Test Automation Tool

Sahi Pro is a powerful tool for automation of web application testing. Sahi Pro helps test web applications across different browsers with high reliability and low maintenance. Existing testing teams with minimal programming knowledge can easily get started and contribute to test automation. Sahi...

AI score 7.4
Exploits: 0
The Hacker News
added 2011/11/11 11:34 a.m. | 4 views

Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added

Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp, and using the engagement tools context menu to selec...

AI score 7
Exploits: 0
The Hacker News
added 2011/11/11 11:34 a.m. | 13 views

Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added

Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp, and using the engagement tools context menu to selec...

AI score 6.7
Exploits: 0
Exploit DB
added 2004/10/22 12:0 a.m. | 61 views

Multiple Browsers - Tabbed Browsing

Test Your Browser Open the link below in a new tab, then try to type data into form fields on the CitiBank website. Open this Link in New Tab Result: Keystrokes you pressed on the CitiBank website. /textarea // milw0rm.com 2004-10-22...

AI score 7.4
Exploits: 0