Lucene search

16 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in xterm

xterm before 375 allows code execution via font ops. For example, an OSC 50 response may trigger Ctrl-g, thereby leading to command execution within the vi line-editing mode of Zsh. NOTE: Font ops are not allowed in the default configurations of some Linux distributions for xterm...

CVSS 9.8, AI score 8.5, EPSS 0.04949
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 16 views

EUVD-2020-0644

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.01811
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 11 views

EUVD-2021-12898

Malware in sbrugna...

CVSS 4.3, AI score 4.5, EPSS 0.01232
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-12648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing...

CVSS 6.1, AI score 6.1, EPSS 0.01811
Exploits: 0, References: 2

Packet Storm
added 2024/08/31 12:0 a.m., 309 views

Microsoft Word UNC Path Injector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Gems for extracting files require 'zip' Project for creating files require 'rex/zip' class MetasploitModule 'Microsoft Word UNC Path Injector', 'Description' = %q This...

AI score 7.4
Exploits: 0

Veracode
added 2024/02/08 5:3 a.m., 24 views

Cross-site Scripting (XSS)

CKEditor4 is vulnerable to Cross-site Scripting. The vulnerability is due to editor instances that have enabled full-page editing mode or enabled CDATA elements in the Advanced Content Filtering configuration which defaults to script and style elements. This flaw allows an attacker to inject...

CVSS 6.1, AI score 6.5, EPSS 0.00706
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2023/11/09 3:32 p.m., 24 views

CVE-2023-46743 The same file cannot be opened with different rights

application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit...

CVSS 7.3, AI score 7.3, EPSS 0.00523
Exploits: 1, References: 1

Positive Technologies
added 2022/10/23 12:0 a.m., 4 views

PT-2022-6818

Name of the Vulnerable Software and Affected Versions: xterm versions prior to 375. Description: The issue is related to the lack of input validation in the xterm terminal emulator, which can be exploited by a remote attacker to gain access to confidential data, compromise its integrity, and cause a...

CVSS 9.8, AI score 6.9, EPSS 0.04949
Exploits: 1, References: 62

BDU FSTEC
added 2022/01/19 12:0 a.m., 3 views

The vulnerability in the editing mode of Thunderbird email clients, as well as Firefox and Firefox ESR browsers, allows a perpetrator to initiate unauthorized recording and execution of arbitrary code in the target system.

The vulnerability of the editing mode in Thunderbird email clients, as well as in Firefox and Firefox ESR browsers, is related to writing beyond the memory boundaries. Exploiting this vulnerability allows a remote attacker to initiate unauthorized writing operations and execute arbitrary code on...

CVSS 7.6, AI score 7.5, EPSS 0.00796
Exploits: 0, References: 11, Affected Software: 8

UbuntuCve
added 2020/08/14 2:15 p.m., 30 views

CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

CVSS 6.1, AI score 6.4, EPSS 0.01811
Exploits: 0, References: 2

Prion
added 2020/08/14 2:15 p.m., 20 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

CVSS 4.3, AI score 5.9, EPSS 0.01811
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2020/08/14 2:15 p.m., 1 views

UBUNTU-CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

CVSS 6.1, AI score 5.8, EPSS 0.01811
Exploits: 0, References: 3

Debian CVE
added 2020/08/14 1:52 p.m., 16 views

CVE-2020-12648

Removed by vendor...

CVSS 6.1, AI score 6.2, EPSS 0.01811
Exploits: 0

Hacker One
added 2016/04/18 7:29 p.m., 30 views

Slack: Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs

Hi, I noticed while looking at an old article I made a while ago that some links were actually inserted as javascript:-links. Doing some modifications to these actually revealed that inside editing mode, no protection is added for getting arbitrary scripts to run. This means that by catching the...

Exploits: 0

Metasploit
added 2013/02/01 7:3 a.m., 72 views

Microsoft Word UNC Path Injector

This module modifies a .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. It can also create an empty docx file. If emailed the receiver needs to put the document in editing mode before the remote server will be contacted. Preview and read-only mode do not wor...

AI score 7
Exploits: 0

NVD
added 2011/10/27 8:55 p.m., 13 views

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVSS 6.2, AI score 6.3, EPSS 0.00338
Exploits: 0, References: 9