Lucene search
K

157 matches found

Nuclei
Nuclei
added yesterday1017 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.5AI score0.03747EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-8716

Malware in sbrugna...

5.3CVSS5.5AI score0.05829EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2024/08/19 12:37 p.m.28 views

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/29 4:56 a.m.30 views

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/03 7:5 a.m.43 views

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

The loader-as-a-service LaaS known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma,...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/10 3:24 p.m.17 views

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Cybersecurity researchers have spotted a phishing attack distributing the Moreeggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...

7.5AI score
Exploits0
OSV
OSV
added 2024/03/06 11:3 a.m.30 views

BIT-MOODLE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.3AI score0.03747EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2023/11/09 1:26 p.m.47 views

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/05 4:31 a.m.49 views

Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors

A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed. "TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks," VMware'...

9.8CVSS8.9AI score0.36009EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/05/19 6:53 a.m.3 views

Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. "Both AI services are extremely popular but lack first-party standalone apps...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/02 3:0 a.m.18 views

Internet Explorer users still targeted by RIG exploit kit

Despite a very slim browser market share, Internet Explorer IE is still being exploited by exploit kits like the RIG exploit kit EK. One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life EOL, which means it no longer receives...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/28 10:30 a.m.30 views

Erbium stealer on the hunt for data

Theres a new slice of malware-as-a-service doing the rounds, although its actual newness is somewhat contested. The stealer, called Erbium, was first spotted on forums back in July 2022, but it seems nobody is quite sure when it started being deployed and snagging victims. Nevertheless, it is now...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/07/26 12:0 a.m.46 views

Moodle LTI module reflected XSS risk

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6AI score0.03747EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/07/26 12:0 a.m.33 views

GHSA-62WH-M4JR-233R Moodle LTI module reflected XSS risk

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.3AI score0.03747EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/07/26 12:0 a.m.24 views

Moodle Stored XSS and blind SSRF possible via SCORM track details

A stored Cross-site Scripting XSS and blind Server-Side Request Forgery SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary...

6.1CVSS6.1AI score0.00879EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/25 4:15 p.m.6 views

CVE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.5AI score0.03747EPSS
Exploits0References9
NVD
NVD
added 2022/07/25 4:15 p.m.33 views

CVE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS0.03747EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/07/25 4:15 p.m.3 views

CVE-2022-35651

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in contex...

6.1CVSS6.5AI score0.00879EPSS
Exploits0References8
NVD
NVD
added 2022/07/25 4:15 p.m.24 views

CVE-2022-35651

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in contex...

6.1CVSS0.00879EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/07/25 4:15 p.m.152 views

CVE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.4AI score0.03747EPSS
Exploits0References6
Rows per page
Query Builder