Exploit for Unrestricted Upload of File with Dangerous Type in Stefanprodan Podinfo
CVE-2025-70849: Stored XSS in Podinfo Summary A security v...
EUVD-2006-0244
Malware in sbrugna...
Malicious Package
Overview swagger-cli-express is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
The vulnerability of the TI WooCommerce Wishlist plugin for WordPress content management system allows a hacker to write arbitrary files.
The vulnerability of the TI WooCommerce Wishlist plugin for WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to write arbitrary files...
CVE-2024-43401
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming rights can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned...
CVE-2024-43401
Summary: CVE-2024-43401 affects XWiki Platform. A user without script/programming rights can trick a user with elevated rights into editing content with a malicious payload via the WYSIWYG editor. The payload is executed at edit time, potentially impacting confidentiality, integrity, and availabi...
PT-2024-30560 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10RC1. Description: A user without script or programming rights can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged-in user can add dangerous content in their first name field and see it executed with programming rights, leading to rights escalation. The vulnerability has been...
YouTube transparency report shows battle against misinformation
Statistics for YouTube community guidelines enforcement are now available for the period April to June 2022, via Google's Transparency Report. YouTube channels are terminated if they accrue three community guideline strikes in 90 days, have a case of severe abuse (predatory behaviour, for example), ...
Exploit for CVE-2020-1472
SharpZeroLogon This is an exploit for CVE-2020-1472, a.k.a. Z...
The Race to Preserve the DC Mob's Digital Traces
The pro-Trump mob that stormed the US Capitol livestreamed their actions. As social media platforms scramble to remove dangerous content, what will become of all that footage?...
JVN#41035278: BookStack vulnerable to cross-site scripting
BookStack contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software to the latest version according to the information provided by the developer. The developer states as follows; Aft...
CVE-2006-0236
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an...
Code injection
Hummingbird Collaboration aka Hummingbird Enterprise Collaboration 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified docext and id parameters, which might trick a user into downloading dangerous or unexpected content...
CVE-2005-3007
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." dot, which might allow remote attackers to trick users into processing dangerous content...
CVE-2005-0586
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...
Bypassing content filtering
There are common methods allowing one to bypass almost any content filtering software (antiviral products, CVP firewalls, mail attachment filters, etc.). I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename o...
SECURITY.NNOV: Bypassing content filtering software
There are common methods allowing one to bypass almost any content filtering software (antiviral products, CVP firewalls, mail attachment filtering, etc.). I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename...