Lucene search

616 matches found

0day.today
added 2022/04/19 12:00 a.m., 277 views

WordPress Popup Maker 1.16.5 Plugin - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: WordPress Plugin Popup Maker Popup Settings Triggers Add New Cookie Add Cookie Time overwrite the default '1 month' with XSS payload Click 'Add' what triggers the XSS payload Payload examples: alert'XSS';...

Exploits: 0

Fedora
added 2022/03/26 3:34 p.m., 10 views

[SECURITY] Fedora 36 Update: osgearth-3.2-7.fc36

osgEarth is a C++ terrain rendering SDK. Just create a simple XML file, point it at your imagery, elevation, and vector data, load it into your favorite OpenSceneGraph application, and go! osgEarth supports all kinds of data and comes with lots of examples to help you get up and running quickly a...

7.3 AI score
Exploits: 0

Kitploit
added 2022/02/13 8:30 p.m., 22 views

Exrop - Automatic ROP Chain Generation

Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints Requirements : Triton, ROPGadget Only support for x86-64 for now! Features: handling non-return gadgets jmp reg, call reg set registers rdi=0xxxxxx, rsi=0xxxxxx set register t...

7.2 AI score
Exploits: 0, References: 4

OpenVAS
added 2022/01/28 12:00 a.m., 6 views

Mageia: Security Advisory (MGASA-2018-0220)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 6

Akamai Blog
added 2022/01/18 2:00 p.m., 15 views

Mirai Botnet Abusing Log4j Vulnerability

Threat Researcher Larry Cashdollar has discovered evidence of the Mirai botnet abusing Log4j vulnerability and shares code examples...

7.2 AI score
Exploits: 0

vulnersOsv
added 2021/12/17 8:41 p.m., 1 view

com.github.lburgazzoli:atomix-boot (>=1.0.1 <=1.0.2), com.github.lburgazzoli:atomix-boot-examples (>=1.0.1 <=1.0.2) +123 more potentially affected by CVE-2020-35214 via io.atomix:atomix (>=0.1.0-beta1 <=3.1.5)

io.atomix:atomix MAVEN version =0.1.0-beta1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =3.0.0, =1.2.3-1, =0.0.2, =0.0.2, =0.0.21, =0.0.31, =0.2.12, =0.3.5 and more Source cves: CVE-2020-35214 Source advisory: OSV:GHSA-M4H3-7MC2-V295...

8.1 CVSS, 7.2 AI score, 0.00304 EPSS
Exploits: 0

vulnersOsv
added 2021/12/17 8:40 p.m., 0 views

com.github.lburgazzoli:atomix-boot (>=1.0.1 <=1.0.2), com.github.lburgazzoli:atomix-boot-examples (>=1.0.1 <=1.0.2) +123 more potentially affected by CVE-2020-35216 via io.atomix:atomix (>=0.1.0-beta1 <=3.1.5)

io.atomix:atomix MAVEN version =0.1.0-beta1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =3.0.0, =1.2.3-1, =0.0.2, =0.0.2, =0.0.21, =0.0.31, =0.2.12, =0.3.5 and more Source cves: CVE-2020-35216 Source advisory: OSV:GHSA-6VVH-5794-VPMJ...

5.9 CVSS, 6.2 AI score, 0.00416 EPSS
Exploits: 0

vulnersOsv
added 2021/12/17 8:40 p.m., 2 views

com.github.lburgazzoli:atomix-boot (>=1.0.1 <=1.0.2), com.github.lburgazzoli:atomix-boot-examples (>=1.0.1 <=1.0.2) +123 more potentially affected by CVE-2020-35211 via io.atomix:atomix (>=0.1.0-beta1 <=3.1.5)

io.atomix:atomix MAVEN version =0.1.0-beta1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =3.0.0, =1.2.3-1, =0.0.2, =0.0.2, =0.0.21, =0.0.31, =0.2.12, =0.3.5 and more Source cves: CVE-2020-35211 Source advisory: OSV:GHSA-4JHC-WJR3-PWH2...

7.5 CVSS, 7.1 AI score, 0.00344 EPSS
Exploits: 1

GithubExploit
added 2021/12/12 9:21 a.m., 275 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Helpers Helpers, examples, and exploits for cv...

10 CVSS, 9.4 AI score, 0.94358 EPSS
Exploits: 343

Kitploit
added 2021/12/01 11:30 a.m., 20 views

XC - A Small Reverse Shell For Linux And Windows

Netcat like reverse shell for Linux & Windows. Features Windows Usage: └ Shared Commands: !exit !upload uploads a file to the target !download downloads a file from the target !lfwd local portforwarding like ssh -L !rfwd remote portforwarding like ssh -R !lsfwd lists active forwards !rmfwd remove...

7.5 AI score
Exploits: 0, References: 2

Hacker One
added 2021/11/15 9:46 a.m., 58 views

8x8: 8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory

A single host in the pilot environment exposed the Apache Tomcat /jsp-examples example directory. The issue has been rectified, as we removed the directory from the host...

1.4 AI score
Exploits: 0

Kitploit
added 2021/11/01 11:30 a.m., 25 views

Melting-Cobalt - A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object

A tool to hunt/mine for Cobalt Strike beacons and "reduce" their beacon configuration for later indexing. Hunts can either be expansive and internet wide using services like SecurityTrails, Shodan, or ZoomEye or a list of IP's. Getting started 1. Install melting-cobalt 2. Configure your tokens to...

7.2 AI score
Exploits: 0, References: 9

OSV
added 2021/10/14 5:15 p.m., 11 views

CVE-2021-42228

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html...

8.8 CVSS, 8.8 AI score
Exploits: 0, References: 1

Prion
added 2021/10/14 5:15 p.m., 19 views

Cross site request forgery (csrf)

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html...

6.8 CVSS, 8.8 AI score, 0.00186 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2021/10/14 5:15 p.m., 17 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor the file suffix is allowed...

4.3 CVSS, 5.9 AI score, 0.00345 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/10/14 4:38 p.m., 17 views

CVE-2021-42228

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html...

9.1 AI score, 0.00186 EPSS
Exploits: 1, References: 1

CVE
added 2021/10/14 4:35 p.m., 55 views

CVE-2021-42227

CVE-2021-42227 describes a cross-site scripting (XSS) vulnerability in KindEditor 4.1.x. The weakness is triggered via the editor's upload flow, specifically related to the file handling in the upload context (e.g., an upload_json.php path) and exposure through a Google search result pointing to...

6.1 CVSS, 5.9 AI score, 0.00345 EPSS
Exploits: 1, References: 1, Affected Software: 1

GithubExploit
added 2021/09/14 5:10 p.m., 471 views

Exploit for Path Traversal in Microsoft

〖EXP〗Ladon CVE-2021-40444 Office Vulnerability Reimplementatio...

9.3 CVSS, 7.8 AI score, 0.94332 EPSS
Exploits: 100

Code423n4
added 2021/08/22 12:00 a.m., 15 views

Parameter updates not propagated

Handle gpersoon Vulnerability details Impact There are several functions to update parameters. However these parameters are only updated on the top level and not propagated to the other contracts. This could lead to various unpredictable results. Examples are: setNftHubAddress of RCFactory...

6.8 AI score
Exploits: 0

vulnersOsv
added 2021/08/02 4:58 p.m., 3 views

com.antheminc.oss:nimbus-core (>=1.1.7 <=1.2.0.M5), com.antheminc.oss:nimbus-entity-dsl (>=1.1.7 <=1.2.0.M5) +110 more potentially affected by CVE-2021-35043 via org.owasp.antisamy:antisamy (>=1.5.7 <=1.6.3)

org.owasp.antisamy:antisamy MAVEN version =1.5.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.2.1, =1.2.1, =1.2.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.5.14, =1.5.14, =1.5.14, =1.5.26 and more Source cves: CVE-2021-35043 Source advisory: OSV:GHSA-9C8W-JRW3-Q2C3...

6.1 CVSS, 6.9 AI score, 0.00468 EPSS
Exploits: 0