33 matches found
Breaking Isolation: A New Perspective on Hypervisor Exploitation Via Cross-Domain Attacks
Hypervisors are under threat by critical memory safety vulnerabilities, with pointer corruption being one of the most prevalent and severe forms. Existing exploitation frameworks depend on identifying highly-constrained structures in the host machine and accurately determining their runtime...
EUVD-2004-0911
Malware in sbrugna...
EUVD-2009-4073
Malware in sbrugna...
EUVD-2004-0191
Malware in sbrugna...
EUVD-2023-50798
Malicious code in bioql PyPI...
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access
Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts dMSAs introduced in Windows Server 2025. "The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accoun...
Busting the Paper Ballot: Voting Meets Adversarial Machine Learning
We show the security risk associated with using machine learning classifiers in United States election tabulators. The central classification task in election tabulation is deciding whether a mark does or does not appear on a bubble associated to an alternative in a contest on the ballot. Barrett...
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and...
CVE-2023-46595
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
Schneider Electric Wiser Smart Incorrect Resource Transfer Between Spheres (CVE-2022-30236)
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior This plugin only works with Tenable.ot. Please visit...
CVE-2022-30236
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30236
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30236
CVE-2022-30236 affects Schneider Electric Wiser Smart devices (EER21000/EER21001, V4.5 and prior). The vulnerability is CWE-669: Incorrect Resource Transfer Between Spheres, enabling unauthorized access via cross-domain attacks. Affected components are within the Wiser Smart platform; the NVD and...
CVE-2022-30236
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents
Cybersecurity incidents are never contained to just one of your organization’s assets. Most attacks involve multiple elements across domains, including email, endpoints, identities, and applications. To rapidly understand and address incidents, your Security Operations Center SOC analysts need to...
Nextcloud: Clickjacking on https://nextcloud.com/
the vulnerability is Clickjacking Steps for Reproduce: 1. Create a script like this Clickjacking! The Site is Vulnerability Clickjacking 2. Enter a file name after saving it in the .html format Then the web is Vuln Clickjacking Sorry bad english im indonesian Impact By using Clickjacking techniqu...
WordPress 4.8.x < 4.8.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. - When domain-based...
Kernel: hw: cpu: L1 terminal fault (L1TF)
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...