EUVD-2014-5475

Malware in sbrugna...

EUVD-2024-35253

Malicious code in bioql PyPI...

Exploit for Incorrect Default Permissions in Microsoft

This List is no longer updated. Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and...

shizuoka-ebooks.jp Cross Site Scripting vulnerability OBB-3947466

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime CLR to dynamically load and run PowerShell commands, thereby creating a PowerShell...

CVE-2024-39307

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...

CVE-2024-39307

CVE-2024-39307 affects Kavita (cross-platform reading server). The vulnerability arises when opening ebooks containing malicious scripts, as Kavita does not sanitize or sandbox EPUB contents, allowing scripts to execute in the browser context. The issue leads to code execution within the browsing...

CVE-2024-39307 Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...

PT-2024-28432 · Kavita · Kavita

Name of the Vulnerable Software and Affected Versions: Kavita versions prior to 0.8.1 Description: The issue arises when an ebook containing malicious scripts is opened, leading to code execution within the browsing context. This occurs because Kavita does not sanitize or sandbox the contents of...

CVE-2024-35236 Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges upload, creation of libraries can lead to remote code execution RCE in t...

CVE-2024-35236 Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges upload, creation of libraries can lead to remote code execution RCE in t...

PT-2024-26399 · Unknown · Audiobookshelf

Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions prior to 2.10.0 Description: Audiobookshelf is a self-hosted audiobook and podcast server. Opening an ebook with malicious scripts inside can lead to code execution inside the browsing context. If a user with high...

Improper Authorization

calibre is vulnerable to Improper Authorization. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted ebook with calibre. The ebook would contain a malicious link that would exploit the flaw in the linktolocalpath function to escalate the attacker's...

CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVE-2023-46303

CVE-2023-46303 affects calibre up to version 6.18.x; the vulnerability is caused by link_to_local_path in ebooks/conversion/plugins/html_input.py, which can cause resources to be added outside the document root by default. This is supported by multiple connected records noting the same issue and ...

fachbuch.hanser-ebooks.de Cross Site Scripting vulnerability OBB-3705562

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

livres-ebooks-gratuits.com Cross Site Scripting vulnerability OBB-3244915

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE CVE-2021-44686

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service in htmlpreprocessrules in ebooks/conversion/preprocess.py...