Lucene search
14 matches found

Packet Storm News
added 2026/03/23 12:0 a.m. | 2 views

Model Context Protocol Threat Modeling and Analyzing Vulnerabilities to Prompt Injection with Tool Poisoning

The Model Context Protocol (MCP) has rapidly emerged as a universal standard for connecting AI assistants to external tools and data sources. While MCP simplifies integration between AI applications and various services, it introduces significant security vulnerabilities, particularly on the client...

AI score: 5.8
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-10302

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.00261
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-25586

Malware in sbrugna...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.00285
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-16193

Malware in sbrugna...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00202
Exploits: 0 | References: 4
NVD
added 2025/04/24 5:15 p.m. | 10 views

CVE-2024-30147

Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications...

CVSS: 6.5 | EPSS: 0.00431
Exploits: 0 | References: 1
Hacker One
added 2020/08/09 8:56 p.m. | 97 views

BugPoC: DOM based Cross-site Scripting

Summary: The postMessage API is an alternative to JSONP, XHR with CORS headers and other methods enabling sending data between origins. It was introduced with HTML5 and like many other cross-document features it can be a source of client-side vulnerabilities. Steps To Reproduce: Visit -...

Exploits: 0
ATTACKERKB
added 2020/07/29 12:0 a.m. | 33 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

CVSS: 9.8 | AI score: 3.2 | EPSS: 0.1343
Exploits: 0 | References: 2
Symantec
added 2019/12/09 12:0 a.m. | 12 views

Electronic Logbook Multiple Cross Site Scripting Vulnerabilities

Description Electronic Logbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...

AI score: 0.4
Exploits: 0 | References: 3 | Affected Software: 1
MSRC
added 2019/11/06 8:0 a.m. | 12 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...

AI score: 1.3
Exploits: 0
Hacker One
added 2016/12/13 11:8 p.m. | 75 views

Gratipay: Content type incorrectly stated

Hello, Issue detail: The response contains the following Content-type statement: Content-Type: image/jpeg The response states that it contains a JPEG image. However, it actually appears to contain unrecognized content. Issue background: If a web response specifies an incorrect content type, then...

AI score: 2
Exploits: 0
Vulnerability Lab
added 2012/12/25 12:0 a.m. | 11 views

PanTilt Wireless Network Camera - XSS Web Vulnerabilities

Document Title: PanTilt Wireless Network Camera - XSS Web Vulnerabilities | References Source: http://www.vulnerability-lab.com/getcontent.php?id=797 | Release Date: 2012-12-25 | Vulnerability Laboratory ID VL-ID: 7...

AI score: 0.1
Exploits: 0
securityvulns
added 2012/11/02 12:0 a.m. | 157 views

NetCat CMS v5.0.1 - Multiple Web Vulnerabilities

Title: NetCat CMS v5.0.1 - Multiple Web Vulnerabilities | Date: 2012-10-31 | References: http://www.vulnerability-lab.com/getcontent.php?id=738 | VL-ID: 738 | Common Vulnerability Scoring System: 2.5 | Introduction: Vendor...

AI score: 0.6
Exploits: 0
seebug.org
added 2009/10/30 12:0 a.m. | 34 views

Symantec generic PDF detection bypass

No description provided by source. Symantec multiple products - Generic PDF bypass Cheap plug : Speaking of PDF - If you are interested in client-side vulnerabilities visit HACK.LU starting tomorrow 28-30 Oct with : Workshop: Bypassing the Perimeter: Client Side Exploitation - Nitesh Dhanjani,...

AI score: 7.1
Exploits: 0
exploitpack
added 2000/08/01 12:0 a.m. | 10 views

Weblogic 3.1.84.0.44.5.1 - Remote Command Execution

Weblogic 3.1.84.0.44.5.1 - Remote Command Execution source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint...

AI score: 0.2
Exploits: 0