45 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
EUVD-2004-0152
Malware in sbrugna...
EUVD-2004-0153
Malware in sbrugna...
WordPress GP Unique ID plugin <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification vulnerability
Unauthenticated Form Submission Unique ID Modification vulnerability discovered by Karl Emil Nikka in WordPress Plugin Gravity Forms Unique ID versions <= 1.5.5...
WordPress LearnDash LMS Plugin <= 4.10.1 is vulnerable to Sensitive Data Exposure
Software LearnDash LMS Type Plugin Vulnerable versions <= 4.10.1 Fixed in 4.10.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eac39e71b914 Credits Karl Emil Nikka Required...
ra-emil-oswald.de Cross Site Scripting vulnerability OBB-3653397
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
emil-a-peters.de Cross Site Scripting vulnerability OBB-3621247
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
emil-muenzenmaier.de Cross Site Scripting vulnerability OBB-3279824
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2004-0153
Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages...
SUSE CVE-2004-0152
Multiple stack-based buffer overflows in (1) the encodemime function, (2) the encodeuuencode function, (3) or the decodeuuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames...
bugs.emilschlampp.de Cross Site Scripting vulnerability OBB-2546976
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
emil-kritzky.de Improper Access Control vulnerability OBB-2394065
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
emil-a-peters.de Cross Site Scripting vulnerability OBB-2337553
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress LiteSpeed Cache plugin <= 4.4.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Emil Kylander in WordPress LiteSpeed Cache plugin versions <= 4.4.3. Solution: Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 4.4.4)...
WordPress LiteSpeed Cache plugin <= 4.4.3 - IP Check Bypass to Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
IP Check Bypass to Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Emil Kylander in WordPress LiteSpeed Cache plugin versions <= 4.4.3. Solution: Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 4.4.4)...
WordPress Maintenance plugin <= 4.02 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Emil Kylander in WordPress Maintenance plugin versions <= 4.02. Solution: Update the WordPress Maintenance plugin to the latest available version (at least 4.03)...
emil-webdesign.net Cross Site Scripting vulnerability OBB-1491135
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Cloudflare fixed an HTTP/2 smuggling vulnerability
On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues. He submitted the bug to the Cloudflare security team through their bug bounty program. This security issue took Cloudflare a week to fix and was completed on July...
Apple OS X Entitlements Rootpipe Privilege Escalation Exploit
This Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement. This module requires Metasploit: http://metasploit.com/download Current source:...
Mac OS X rootpipe Local Privilege Escalation
PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from Cocoa import NSData, NSMutableDictionary, NSFilePosixPermissions from...