Cross Site Scripting (XSS)
sulu/sulu is vulnerable to Cross-Site Scripting (XSS). A low-privileged user with access to the "Media" section can upload an SVG file containing a malicious payload, allowing an attacker to execute JavaScript in the browsers of other users, including admin...
CVE-2024-34668
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...
Ubuntu: Security Advisory (USN-7041-3)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
MAL-2024-9266 Malicious code in innostage (PyPI)
The package contains code to download and execute a reverse shell script. Per source details (source: kam193, ec433c9a241ed7127dc5d6f55b002e94a2407ddd47000e50355f118536e9021e): when imported, the package downloads and runs a remote stage, a reverse shell. To mas...
MAL-2024-9269 Malicious code in posi (PyPI)
The package contains code to download and execute a reverse shell script. Per source details (source: kam193, 9eff1140edfe020fe3ef5905579f5e5d74a8cd0638332576041513ce894eb27e): when imported, the package downloads and runs a remote stage, a reverse shell. To mas...
MAL-2024-9265 Malicious code in cyberart (PyPI)
The package contains code to download and execute a reverse shell script. Per source details (source: kam193, a56fce758142261d4c665b192e7f292a8b9c89a750be3271fc2e1c784d886828): when imported, the package downloads and runs a remote stage, a reverse shell. To mas...
MAL-2024-9270 Malicious code in ptsecurity (PyPI)
The package contains code to download and execute a reverse shell script. Per source details (source: kam193, a67d1a04a247e897d3da239f3ff95a95284282eb6bb38c266273167e4419b9c1): when imported, the package downloads and runs a remote stage, a reverse shell. To mas...
MAL-2024-9268 Malicious code in maxpatrol (PyPI)
The package contains code to download and execute a reverse shell script. Per source details (source: kam193, e7b0664f3eb50be717290db2d08e1be4a3dcbce029ad58fae9cffb04f09a51c1): when imported, the package downloads and runs a remote stage, a reverse shell. To mas...
Gambio Online Webshop 4.9.2.0 Code Injection
Title: Gambio Online Webshop 4.9.2.0 Code Injection Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox...
CVE-2024-45933
OnlineNewsSite v1.0 is vulnerable to Cross-Site Scripting (XSS), which allows attackers to execute arbitrary code via the Title and Summary fields of the /admin/post/edit/ endpoint...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...
CVE-2024-41593
CVE-2024-41593 affects DrayTek Vigor310 devices up to version 4.3.2.6. The vulnerability is a heap-based buffer overflow in the web interface function ft_payload_dns due to a byte sign-extension in the length argument of a memcpy call, enabling remote code execution. Connected sources confirm the...
CVE-2024-45965
Contao before 5.5.6 allows XSS via an SVG document. This affects contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5.x before 5.5.6...
CVE-2024-9394
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...
CVE-2024-9393
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...
CVE-2024-7674
CVE-2024-7674 affects Autodesk Navisworks where parsing a DWFX file via dwfcore.dll can trigger a heap-based buffer overflow, enabling a crash or arbitrary code execution in the current process. Affected products are Navisworks components that parse DWFX; exploitation is described as impacting th...
Infinera hiT 7300 Security Vulnerability
The Infinera hiT 7300 is a software-defined networking (SDN)-ready coherent packet-optical transport system from Infinera USA. A security vulnerability exists in Infinera hiT 7300 version 5.60.50, originating in a web application that allows a remote privileged attacker to execute an...
Foxit PDF Reader Elevation of Privilege Vulnerability
Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. An elevation of privilege vulnerability exists in Foxit PDF Reader, which stems from not properly assigning privileges when handling configuration files, and can be exploited by an attacker to elevate...
Malicious code in vault-assist-tool (npm)
Per source details (source: ossf-package-analysis, 8e6cabe2402b7271a427b21266f884d7992b70f29714ab10a32aaa2eb3c56a8d): the OpenSSF Package Analysis project identified 'vault-assist-tool' @ 1.5.0 (npm) as malicious. It is considered malicious because: - The package...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 WinRAR Exploit Generator Created by: tech...