Source: Github Security Blog (added 2024/10/22)

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Impact: This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Patches: Will be patched in 14.3.1 and 15.0.0. Workarounds...

CVSS 8.7 · AI score 7.0 · EPSS 0.00326 · Exploits 0 · References 3 · Affected software 2
Source: NVD (added 2024/10/22)

CVE-2024-47819

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

CVSS 8.7 · EPSS 0.00326 · Exploits 0 · References 1
Source: Vulnrichment (added 2024/10/22)

CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

CVSS 4.2 · AI score 6.7 · EPSS 0.00326 · Exploits 0 · References 1
Source: CVE (added 2024/10/22)

CVE-2024-47819

CVE-2024-47819 – Umbraco XSS (Dictionary section). Affected: Umbraco CMS (.NET) versions 14.0.0 up to, but not including, 14.3.1 and 15.0.0. Root cause: cross-site scripting vulnerability in the Dictionary section that can be triggered by an admin-privileged user to execute injected scripts. Impact:...

CVSS 8.7 · AI score 4.8 · EPSS 0.00326 · Exploits 0 · References 1 · Affected software 1
Source: OSV (added 2024/10/22)

CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

CVSS 4.2 · AI score 6.1 · EPSS 0.00326 · Exploits 0 · References 3
Source: Positive Technologies (added 2024/10/22)

PT-2024-32830 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 14.3.0; Umbraco versions prior to 15.0.0. Description: The issue allows for cross-site scripting, which can be leveraged to gain access to higher-privilege endpoints. If a user with admin privileges runs the code...

CVSS 8.7 · AI score 7.4 · EPSS 0.00326 · Exploits 0 · References 8
Source: The Hacker News (added 2024/10/11)

How Hybrid Password Attacks Work and How to Defend Against Them

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods,...

AI score 7.4 · Exploits 0
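The excerpt above only outlines what a hybrid attack is. As an added illustration (not code from The Hacker News article), the following Python generator implements the most common form, a wordlist combined with a mask, in the spirit of hashcat's -a 6 / -a 7 modes: each word is passed through a few mangling rules and then joined with every expansion of a mask such as `?d?d?s`. The wordlist, charsets, mask and the SHA-256 target hash are constructed for the demonstration.

```python
"""Hybrid password-candidate generation: wordlist + rules + mask.
Added example, not from the article; all inputs below are constructed."""
import hashlib
import itertools
from typing import Iterable, Iterator, Optional

# Constructed base wordlist (a real run would use a leaked-password list).
WORDLIST = ["summer", "winter", "password", "welcome"]

# Mask charsets in hashcat notation: ?d digits, ?l lowercase, ?s symbols.
CHARSETS = {"d": "0123456789", "l": "abcdefghijklmnopqrstuvwxyz", "s": "!@#$%"}

RULE_VARIANTS = 4  # simple_rules() always yields exactly four strings


def expand_mask(mask: str) -> Iterator[str]:
    """Yield every string matching a mask such as '?d?d?s'."""
    tokens = mask.split("?")[1:]          # '?d?d?s' -> ['d', 'd', 's']
    pools = [CHARSETS[t] for t in tokens]
    for combo in itertools.product(*pools):
        yield "".join(combo)


def simple_rules(word: str) -> Iterator[str]:
    """Dictionary-rule stage: case variants plus a leetspeak substitution."""
    yield word
    yield word.capitalize()
    yield word.upper()
    yield word.replace("a", "@").replace("e", "3").replace("o", "0")


def hybrid_candidates(words: Iterable[str], mask: str, append: bool = True) -> Iterator[str]:
    """Combine each rule-mangled word with every mask expansion.
    append=True mirrors -a 6 (word then mask); False mirrors -a 7 (mask then word)."""
    suffixes = list(expand_mask(mask))    # fine for short masks; materialised once
    for word in words:
        for variant in simple_rules(word):
            for tail in suffixes:
                yield variant + tail if append else tail + variant


def candidate_space(words: Iterable[str], mask: str) -> int:
    """Size of the hybrid keyspace: words x rule variants x mask expansions."""
    mask_size = 1
    for t in mask.split("?")[1:]:
        mask_size *= len(CHARSETS[t])
    return len(list(words)) * RULE_VARIANTS * mask_size


def crack_sha256(target_hex: str, words: Iterable[str], mask: str) -> Optional[str]:
    """Return the candidate whose SHA-256 matches target_hex, or None."""
    for cand in hybrid_candidates(words, mask):
        if hashlib.sha256(cand.encode()).hexdigest() == target_hex:
            return cand
    return None


# Constructed target: an unsalted SHA-256 of a typical 'word + year + symbol' password.
TARGET = hashlib.sha256(b"Summer24!").hexdigest()

if __name__ == "__main__":
    print("keyspace:", candidate_space(WORDLIST, "?d?d?s"))
    print("recovered:", crack_sha256(TARGET, WORDLIST, "?d?d?s"))
```

The point the numbers make: four words and a three-character mask already yield 8,000 candidates, yet that keyspace is still trivially small next to a pure brute force of nine characters, which is why hybrid modes recover "word plus digits plus symbol" passwords quickly. The defensive corollary is the article's: length and unpredictability matter more than appending a year and a punctuation mark to a dictionary word.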
Source: IBM Security Bulletins (added 2024/09/19)

Security Bulletin: IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114

Summary: IBM Asset Data Dictionary Component uses aircompressor-0.21.jar, which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2024-36114. DESCRIPTION: airlift aircompressor could allow a local attacker...

CVSS 8.6 · AI score 8.1 · EPSS 0.00504 · Exploits 0 · Affected software 1
Source: CNNVD (added 2024/09/18)

CIRCUTOR Q-SMT security vulnerability

CIRCUTOR Q-SMT is an industrial hardware device from CIRCUTOR, Inc. A security vulnerability exists in CIRCUTOR Q-SMT version 1.0.4, which stems from an attacker's ability to construct a dictionary of potential users and inspect server responses without knowing the current user in the web...

CVSS 5.3 · AI score 6.7 · EPSS 0.00312 · Exploits 0 · References 2
Source: Vulnrichment (added 2024/09/16)

CVE-2024-45833 Mobile password gets saved in dictionary under conditions

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password when "visible password" is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a...

CVSS 4.5 · AI score 7.0 · EPSS 0.00327 · Exploits 0 · References 1
Source: Cvelist (added 2024/09/16)

CVE-2024-45833 Mobile password gets saved in dictionary under conditions

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password when "visible password" is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a...

CVSS 4.5 · EPSS 0.00327 · Exploits 0 · References 1
Source: Cvelist (added 2024/09/02)

CVE-2024-45312 Arbitrary language parameter can be passed to `aspell` executable via spelling requests in Overleaf

Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 or 4.2.7 for the 4.x series contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the...

CVSS 5.3 · EPSS 0.00478 · Exploits 0 · References 3
Source: OSV (added 2024/09/02)

CVE-2024-7871

SQL Injection in the online dictionary function of Easytest Online Test Platform ver. 24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the word parameter...

CVSS 8.7 · AI score 6.1 · Exploits 0 · References 1
Source: NVD (added 2024/09/02)

CVE-2024-7871

SQL Injection in the online dictionary function of Easytest Online Test Platform ver. 24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the word parameter...

CVSS 8.8 · EPSS 0.00519 · Exploits 0 · References 1
Source: CVE (added 2024/09/02)

CVE-2024-7871

CVE-2024-7871: SQL Injection in the online dictionary function of Easytest Online Test Platform (versions 24E01 and earlier). Root cause: vulnerable handling of the word parameter enables arbitrary SQL execution by remote authenticated users. Impact notes (from CVSS): high confidentiality, integr...

CVSS 8.8 · AI score 9.0 · EPSS 0.00519 · Exploits 0 · References 1 · Affected software 1
Source: Positive Technologies (added 2024/09/02)

PT-2024-31564 · Overleaf · Overleaf Server Pro +1

Name of the Vulnerable Software and Affected Versions: Overleaf Community Edition and Server Pro versions prior to 5.0.7; Overleaf Community Edition and Server Pro versions 4.x prior to 4.2.7. Description: Overleaf is a web-based collaborative LaTeX editor. The issue allows an arbitrary language...

CVSS 5.3 · AI score 6.9 · EPSS 0.00478 · Exploits 0 · References 9
Source: CNNVD (added 2024/09/02)

Overleaf security vulnerability

Overleaf is an open source online real-time collaborative LaTeX editor from Overleaf Open Source. A security vulnerability exists in Overleaf. An attacker can exploit the vulnerability to load a dictionary file with an arbitrary filename...

CVSS 5.3 · AI score 6.8 · EPSS 0.00478 · Exploits 0 · References 4
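The Overleaf entries (CVE-2024-45312 above, and the CNNVD and Positive Technologies summaries of it) describe a client-supplied language value reaching the `aspell` process unchecked. The following Python is an added example, not Overleaf's code and not its actual fix: it shows the unsafe pass-through beside a hardened version that accepts only a well-formed locale code that is also in the set of installed dictionaries. The installed-dictionary set is constructed, and the choice of `aspell -a --lang=` flags is an assumption about how a spell-check service would invoke the binary.

```python
"""Allowlisting a client-supplied language code before it reaches a
spell-checker subprocess.  Added example, not Overleaf's code; the set of
installed dictionaries and the aspell invocation used are assumptions."""
import re
import subprocess
from typing import List

# Constructed: the dictionaries this deployment actually has installed.
INSTALLED_DICTS = {"en", "en_GB", "en_US", "de", "fr", "es", "pt_BR"}

# Strict shape for a locale code: 2-3 lowercase letters, optional _REGION.
LANG_RE = re.compile(r"^[a-z]{2,3}(_[A-Z]{2})?$")


class InvalidLanguage(ValueError):
    """Raised when the client-supplied language is rejected."""


def aspell_argv_unsafe(language: str) -> List[str]:
    """Vulnerable pattern: whatever the client sent becomes the argument.
    An argv list stops shell injection, but a path-like or otherwise
    unexpected value still reaches aspell's dictionary loading."""
    return ["aspell", "-a", "--encoding=utf-8", f"--lang={language}"]


def validate_language(language: str) -> str:
    """Reject anything not both well-formed and actually installed."""
    if not LANG_RE.fullmatch(language):
        raise InvalidLanguage(f"malformed language code: {language!r}")
    if language not in INSTALLED_DICTS:
        raise InvalidLanguage(f"dictionary not installed: {language!r}")
    return language


def aspell_argv_safe(language: str) -> List[str]:
    """Hardened pattern: only an allowlisted value is ever interpolated."""
    return ["aspell", "-a", "--encoding=utf-8", f"--lang={validate_language(language)}"]


def spellcheck(words: List[str], language: str, run=subprocess.run) -> str:
    """Run aspell in pipe mode over the words; `run` is injectable so the
    function can be exercised without an aspell binary present."""
    argv = aspell_argv_safe(language)
    proc = run(argv, input="\n".join(words), capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    # Constructed request values: one legitimate, three hostile or unknown.
    for lang in ["en_US", "../../../etc/dictionaries", "en; id", "xx"]:
        try:
            print("accepted:", aspell_argv_safe(lang))
        except InvalidLanguage as exc:
            print("rejected:", exc)
```

Two details are deliberate. The regex alone is not enough, because a syntactically valid code for a dictionary that is not installed still makes the process behave in ways the service never tested; checking membership in the installed set closes that gap. And the check happens where the argument is built, not in the HTTP handler, so a second caller cannot bypass it.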
Source: Packet Storm (added 2024/09/01)

IBM WebSphere MQ Channel Name Bruteforce

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'IBM WebSphere MQ Channel Name Bruteforce'. Description: This module uses a dictionary to bruteforce MQ channel names. For all identified...

AI score 7.4 · Exploits 0
Source: Positive Technologies (added 2024/09/01)

PT-2024-38648 · Unknown · Easytest Online Test Platform

Name of the Vulnerable Software and Affected Versions: Easytest Online Test Platform versions 24E01 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the word parameter in the online dictionary function. This can potentially lead to...

CVSS 8.8 · AI score 8.2 · EPSS 0.00519 · Exploits 0 · References 7
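The Easytest entries (CVE-2024-7871 above, from OSV, NVD, CVE and Positive Technologies) all come down to one pattern: a `word` parameter spliced into a dictionary-lookup query. The following Python is an added example, not Easytest code; the SQLite schema, rows and the shape of the lookup are constructed to show the vulnerable string-built query beside the parameterised one, and to show what a UNION payload retrieves from the first and not from the second.

```python
"""SQL injection in a dictionary-lookup endpoint: string-built query
beside the bound-parameter version.  Added example, not Easytest code;
schema, data and payload are constructed."""
import sqlite3
from typing import List, Tuple


def build_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the platform's."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE dictionary (word TEXT, definition TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO dictionary VALUES ('cipher', 'an algorithm for encryption');
        INSERT INTO dictionary VALUES ('entropy', 'a measure of unpredictability');
        INSERT INTO users VALUES ('admin', 'sha256$constructed');
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, word: str) -> List[Tuple[str, str]]:
    """Attacker-controlled `word` becomes part of the SQL text itself."""
    sql = f"SELECT word, definition FROM dictionary WHERE word = '{word}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, word: str) -> List[Tuple[str, str]]:
    """Bound parameter: the value travels separately from the statement,
    so it can never change the statement's structure."""
    sql = "SELECT word, definition FROM dictionary WHERE word = ?"
    return conn.execute(sql, (word,)).fetchall()


# Constructed payload: closes the string literal, appends a UNION selecting
# two columns from another table, and comments out the trailing quote.
PAYLOAD = "x' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "cipher"))   # the intended result
    print(lookup_vulnerable(db, PAYLOAD))    # the users row leaks
    print(lookup_safe(db, PAYLOAD))          # [] : payload treated as a literal word
```

The payload needs the same column count as the original SELECT, which is why a real attacker first probes with `ORDER BY n` or `UNION SELECT NULL, NULL` variants; none of that matters once the driver binds the value, which is the only fix the entries' "remote authenticated users" qualifier does not already provide, since authentication limits who can send the request, not what the request can do.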
Source: Packet Storm (added 2024/08/31)

IBM Lotus Notes Sametime Room Name Bruteforce

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'IBM Lotus Notes Sametime Room Name Bruteforce'. Description: This module bruteforces Sametime meeting room names via t...

CVSS 4.3 · AI score 7.1 · EPSS 0.09048 · Exploits 2