
140 matches found

OSV
added 2021/09/22 8:39 p.m., 58 views

GHSA-QH7X-J4V8-QW5W Clipboard-based XSS

Impact: XSS against the user. Details: jsuites is vulnerable to DOM-based XSS if the user can be tricked into copying anything from a malicious and pasting it into the HTML editor. This is because a part of the clipboard content is directly written to innerHTML, causing XSS. References: The Curious...

CVSS 8.7, AI score 6.6, EPSS 0.01027
Exploits: 0, References: 6

OSV
added 2021/09/14 12:15 p.m., 2 views

CVE-2021-32202

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page...

CVSS 6.1, AI score 5.8, EPSS 0.00628
Exploits: 0, References: 1

RedHat Linux
added 2021/09/14 8:53 a.m., 2 views

kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c

A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...

CVSS 7.1, AI score 6.8, EPSS 0.00661
Exploits: 1, References: 4

RedHat Linux
added 2021/08/31 8:31 a.m., 4 views

kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c

A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...

CVSS 7.1, AI score 6.8, EPSS 0.00661
Exploits: 1, References: 4

The Hacker News
added 2021/08/02 11:11 a.m., 434 views

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks...

CVSS 9.8, AI score 0.5, EPSS 0.99737
Exploits: 19

RedHat Linux
added 2021/06/08 10:46 p.m., 3 views

kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c

A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...

CVSS 7.1, AI score 6.8, EPSS 0.00661
Exploits: 1, References: 4

RedHat Linux
added 2021/06/08 10:44 p.m., 5 views

kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c

A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...

CVSS 7.1, AI score 6.8, EPSS 0.00661
Exploits: 1, References: 4

Huntr
added 2021/02/23 12:00 a.m., 15 views

Code Injection in jeikeilim/kindle

Description: Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all models can be made by copy and paste from other existing model codes, which is vulnerable to Arbitrary Code Execution. Vulnerability: Vulnerable to YAML deserialization atta...

AI score 2.2
Exploits: 0, References: 1

Fedora
added 2021/02/12 1:44 a.m., 69 views

[SECURITY] Fedora 33 Update: spice-vdagent-0.21.0-1.fc33

Spice agent for Linux guests offering the following features: Client mouse mode (no need to grab mouse by client, no mouse lag); this is handled by the daemon by feeding mouse events into the kernel via uinput. This will only work if the active X-session is running a spice-vdagent process ...

CVSS 6.4, AI score 0.6, EPSS 0.00478
Exploits: 4

RedHat Linux
added 2020/11/04 1:14 a.m., 5 views

kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c

A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...

CVSS 7.1, AI score 6.8, EPSS 0.00661
Exploits: 1, References: 4

RedHat Linux
added 2020/11/04 12:53 a.m., 2 views

kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c

A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system...

CVSS 7.1, AI score 6.8, EPSS 0.00661
Exploits: 1, References: 4

VulnCheck KEV
added 2020/07/08 12:00 a.m., 1 views

VulnCheck KEV: CVE-2011-4275

Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste...

CVSS 4.3, AI score 5.8, EPSS 0.01624
Exploits: 2, References: 1

0day.today
added 2020/07/04 12:00 a.m., 172 views

Apple iOS 13.5.1 Resource Exposure Vulnerability

Apple iOS version 13.5.1 suffers from an issue where it is possible to circumvent the copy and paste restriction from the company profile to the private profile. Thus, it is possible to extract attachments that can be previewed "Quick Look" in the native Mail client to any private app. Product:...

AI score 0.4
Exploits: 0

CISA
added 2020/06/22 12:00 a.m., 10 views

ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises

The Australian Cyber Security Centre (ACSC) has released an advisory regarding an ongoing cyber campaign involving “copy-paste compromises” targeting Australian government and commercial networks. According to the advisory, a sophisticated malicious cyber actor is carrying out the campaign using...

AI score 7.9
Exploits: 0, References: 4

UbuntuCve
added 2019/11/14 2:15 a.m., 34 views

CVE-2011-1588

Thunar before 1.3.1 could crash when copying and pasting a file name with % format characters due to a format string error...

CVSS 7.8, AI score 7.1, EPSS 0.01074
Exploits: 0, References: 1

Exploit DB
added 2018/12/20 12:00 a.m., 292 views

LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)

Exploit Title: LanSpy 2.0.1.159 - Local Buffer Overflow SEH Egghunter Exploit Author: bzyo Date: 12-19-18 Twitter: @bzyo Vulnerable Software: LanSpy 2.0.1.159 Vendor Homepage: https://lizardsystems.com Version: 2.0.1.159 Software Link 1:...

AI score 7.4
Exploits: 0

Exploit DB
added 2018/05/09 12:00 a.m., 25 views

Allok Video Splitter 3.1.12.17 - Denial of Service

Exploit Title: Allok Video Splitter 3.1.1217 Date: 2018-05-09 Exploit Author: Achilles Vendor Homepage: http://www.alloksoft.com/ Vulnerable Software: http://www.alloksoft.com/allokvsplitter.exe Tested on OS: Windows 7 64-bit DE Steps to reproduce: Copy the contents of the file Evil.txt and paste...

AI score 7.4
Exploits: 0

Veracode
added 2018/04/24 2:43 a.m., 30 views

Copy-Paste Vulnerability Through LibXML2

Nokogiri is vulnerable to attacks through a copied version of LibXML2 within the codebase. LibXML2 before 2.9.5 is vulnerable to CVE-2017-18258 - the LibXML2 decoder does not limit memory usage for what is required when decoding LZMA files...

CVSS 6.5, AI score 7.2, EPSS 0.02706
Exploits: 0, References: 7, Affected Software: 2

Exploit DB
added 2018/01/15 12:00 a.m., 48 views

OBS Studio 20.1.3 - Local Buffer Overflow

author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: OBS-Studio-20.1.3 Local Buffer Overflow Zer0Day SEH Based PoC Date: 2018.01.15 Exploit Author: Greg Priest Version: OBS-Studio-20.1.3 Tested on: Windows7 x64 HUN/ENG Enterprise Software...

AI score 7.4
Exploits: 0

CNVD
added 2017/12/13 12:00 a.m., 2 views

Microsoft Office Information Disclosure Vulnerability (CNVD-2018-00739)

Microsoft Office is an office software suite of products developed by the American Microsoft Corporation (Microsoft). An information disclosure vulnerability exists in Microsoft Office that originates from the program failing to properly enforce copy/paste permissions on DRM-protected emails. An...

CVSS 6.5, AI score 6.2, EPSS 0.06278
Exploits: 0, References: 1