42 matches found

Packet Storm
added 2024/05/13 12:00 a.m. · 254 views

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSS Family:...

AI score: 7.4
Exploits: 0
Exploit DB
added 2024/02/27 12:00 a.m. · 464 views

SuperStoreFinder - Multiple Vulnerabilities

.:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....

AI score: 7.4
Exploits: 0
0day.today
added 2024/02/27 12:00 a.m. · 236 views

SuperStoreFinder - Multiple Vulnerabilities

.:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....

AI score: 7.4
Exploits: 0
CNNVD
added 2023/10/06 12:00 a.m. · 1 view

Geokit Rails Code Issue Vulnerability

Geokit Rails is an official open-source Geokit plugin for Rails/ActiveRecord. A security vulnerability exists in Geokit Rails versions prior to 2.5.0, which stems from a command injection attack due to insecure YAML deserialization in the geolocation cookie, which can be exploited by an...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.00265
Exploits: 1 · References: 6
Positive Technologies
added 2023/10/05 12:00 a.m. · 2 views

PT-2023-20532 · Unknown · Geokit-Rails

Name of the Vulnerable Software and Affected Versions: geokit-rails versions prior to 2.5.0 Description: The issue is related to Command Injection due to unsafe deserialization of YAML within the geo location cookie. This can be exploited remotely via a malicious cookie value, allowing an attacke...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.00265
Exploits: 1 · References: 14
Snyk
added 2023/09/26 9:00 p.m. · 1 view

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the host...

CVSS: 9.8 · AI score: 7.6 · EPSS: 0.00265
Exploits: 1 · References: 2
Packet Storm
added 2023/08/22 12:00 a.m. · 241 views

E-mailer Newsletter And Mailing System with Analytics + GEO location 1.16 Information Disclosure

Title: E-mailer Newsletter & Mailing System with Analytics + GEO location v1.16 information Disclosure vulnerability | Author: indoushka | Tested on: windows...

AI score: 7.1
Exploits: 0
Positive Technologies
added 2023/07/14 12:00 a.m. · 3 views

PT-2023-25275 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to improper input validation in the getLocationCache function of GeoLocation.java. This could allow sending a mock location during an emergency call, leading to loc...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00013
Exploits: 0 · References: 5
Packet Storm
added 2022/03/28 12:00 a.m. · 218 views

Backdoor.Win32.Chubo.c Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Chubo.c Vulnerability: Cross Site Scripting (XSS) Family: Chubo Type: Web Panel MD5:...

AI score: 7.4
Exploits: 0
The Hacker News
added 2022/03/17 1:25 p.m. · 67 views

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the...

CVSS: 10 · AI score: 0.6 · EPSS: 0.08297
Exploits: 1
Packet Storm
added 2022/03/17 12:00 a.m. · 341 views

BuilderRevengeRAT XML Injection

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/531d8b4ac8f7eb827d62424169321b2b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderRevengeRAT - Revenge-RAT v0.3 Vulnerability: XML External Entity Injection Description: The...

AI score: 7.4
Exploits: 0
OSV
added 2022/03/16 11:54 p.m. · 27 views

GHSA-97M3-W2CP-4XX6 Embedded Malicious Code in node-ipc

The package node-ipc versions 10.1.1 and 10.1.2 are vulnerable to embedded malicious code that was introduced by the maintainer. The malicious code was intended to overwrite arbitrary files dependent upon the geo-location of the user IP address. The maintainer removed the malicious code in versio...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.08297
Exploits: 1 · References: 8
Github Security Blog
added 2022/03/16 11:54 p.m. · 49 views

Embedded Malicious Code in node-ipc

The package node-ipc versions 10.1.1 and 10.1.2 are vulnerable to embedded malicious code that was introduced by the maintainer. The malicious code was intended to overwrite arbitrary files dependent upon the geo-location of the user IP address. The maintainer removed the malicious code in versio...

CVSS: 10 · AI score: 3.3 · EPSS: 0.08297
Exploits: 1 · References: 8 · Affected Software: 1
Packet Storm
added 2022/01/17 12:00 a.m. · 359 views

Win32.MarsStealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...

Exploits: 0
Packet Storm
added 2022/01/17 12:00 a.m. · 260 views

AgentTesla Builder Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting (XSS) Description: AgentTeslaBuilder...

AI score: 7.4
Exploits: 0
0day.today
added 2022/01/17 12:00 a.m. · 219 views

AgentTesla Builder Web Panel Cross Site Scripting Vulnerability

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: email protected Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting (XSS) Description: AgentTeslaBuilder WebU...

AI score: 7.4
Exploits: 0
Hacker One
added 2020/10/05 3:56 p.m. · 58 views

Acronis: Get ip and Geo location any user via Clickjacking with inspectlet technology

Summary Get ip and Geo location any user via Clickjacking with inspectlet technology https://geoapi.acronis.com/?q=admin/views/ajax/autocomplete/user/a Steps To Reproduce 1. go to F1015419 2. will watch your geo data ex. "city":"Abu...

AI score: 0.4
Exploits: 0
Kitploit
added 2020/09/03 9:30 p.m. · 61 views

Geo-Recon - An OSINT CLI Tool Designed To Fast Track IP Reputation And Geo-location Look Up For Security Analysts

An OSINT CLI tool designed to fast track IP Reputation and Geo-location look up for Security Analysts. Setup This tool is compatible with: Any Linux Operating System (Debian, Ubuntu, CentOS) Termux Linux Setup git clone https://github.com/radioactivetobi/geo-recon.git cd geo-recon chmod +x...

AI score: 7.3
Exploits: 0 · References: 1
The Hacker News
added 2020/06/23 3:06 p.m. · 45 views

New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur

Unprecedented times call for unprecedented measures. No, we're not talking about 'coronavirus,' the current global pandemic because of which Apple—for the very first time in history—organized its Worldwide Developer Conference (WWDC) virtually. Here we're talking about a world in which we are all...

AI score: 6.4
Exploits: 0
Hacker One
added 2019/08/13 3:30 p.m. · 50 views

Vanilla: Stealing the ip address from users

Hi team! Summary Pixel that steals your data. By creating an image in https://iplogger.org/ and inserting it in the forum we can steal some data (ip, language, geo location) of the users who see the message. Steps to reproduce + Set "wyswyg" on + Create an image from https://iplogger.org/ and use t...

AI score: 6.5
Exploits: 0