16 matches found
PT-2026-46048
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...
EUVD-2022-45011
Malicious code in bioql PyPI...
TFTP Fetch
Fetch and execute a PPC payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/ppc/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an MIPSBE payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/mipsbe/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sh...
Improper Access Control
undici is vulnerable to Improper Access Control. This vulnerability is due to insufficient validation of the integrity option passed to the fetch function. If an attacker can manipulate the integrity option passed to the fetch method, the request will be accepted even if the request was tampered...
SUSE CVE-2022-41404
An issue in the fetch method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
Denial Of Service (DoS)
org.ini4j:ini4j is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the fetch method in BasicProfile.java lacking circular dependency checks, which allows an attacker to cause a stack overflow exception resulting in Denial of Service. While the CVE claims that v0.5.4 is...
org.ini4j allows attackers to cause a Denial of Service (DoS)
An issue in the fetch method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
CVE-2022-41404
An issue in the fetch method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
DEBIAN-CVE-2022-41404
An issue in the fetch method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
CVE-2022-41404
An issue in the fetch method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
Design/Logic Flaw
An issue in the fetch method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
CVE-2022-41404
The CVE-2022-41404 entry concerns the ini4j Java library. A flaw in the fetch() method of the BasicProfile class affects versions up to 0.5.4, allowing a Denial of Service (DoS) via unspecified vectors. Public references indicate remediation by upgrading ini4j to 0.5.4 (or later), with Debian LTS...
CVE-2022-41404
An issue in the fetch method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
CVE-2022-41404
An issue in the fetch method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
XSS in JSON: Old-School Attacks for Modern Applications
I recently wrote a blog post on injection-type vulnerabilities and how they were knocked down a few spots from 1 to 3 on the new OWASP Top 10 for 2022. The main focus of that article was to demonstrate how stack traces could be — and still are — used via injection attacks to gather information...