22 matches found
Trojan Hippo: Weaponizing Agent Memory for Data Exfiltration
Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more realistic threat model than prior memory poisoning work:...
Malicious code in scary_hippopotamus_z3n (npm)
Source: amazon-inspector 0020c75d56c85570483ea59c082a2b516c32096f490cf82036b6192f551bf1d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2014-6709
Malware in sbrugna...
Malicious code in test-mlw2-hippo-syrup (npm)
The package test-mlw2-hippo-syrup was found to contain malicious code...
MAL-2025-35518 Malicious code in test-mlw2-hippo-syrup (npm)
The package test-mlw2-hippo-syrup was found to contain malicious code...
Hippo CMS XML External Entity Information Disclosure Vulnerability
Hippo CMS is an open source, information-centered content management system. It has a friendly interface, is an open system, and can be integrated into existing systems. XML External Entity (XXE) processing occurs through SVG image uploads in the CMS and through XML import in the CMS console...
Hippo CMS Cross-Site Scripting Vulnerability
Hippo CMS is an open source Java CMS. A cross-site scripting vulnerability exists in Hippo CMS versions 10.1, 7.9, and 7.8 Enterprise Edition. The failure to filter the POST parameters "groupname" and "description" allows an attacker to insert malicious code...
Hippo CMS: source code security analysis report
Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code; Violating the Java Object Model; Missing XML document schema validation; Using Broken or Risky Cryptographic Algorithm; Incorrect Permissions for External Entities During XML Document...
Kids Circus with Hippo - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Kids Circus with Hippo published at the 'play' market has multiple vulnerabilities...
Good Night Hippo - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Good Night Hippo published at the 'play' market has multiple vulnerabilities...
Hippo CMS 10.1 - Multiple Vulnerabilities
Exploit for java platform in category web applications Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We buil...
Hippo CMS 10.1 - Multiple Vulnerabilities
Hippo CMS 10.1 - Multiple Vulnerabilities Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you...
Hippo CMS 10.1 - Multiple Vulnerabilities
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing...
Hippo CMS 10.1 XML External Entity Information Disclosure
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing...
Hippo CMS 10.1 Stored Cross Site Scripting
Hippo CMS 10.1 Stored Cross-Site Scripting Vulnerability
Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description Hippo CMS suffers from a stored XSS vulnerability. Input passed thru the POST parameters 'groupname' and 'description' is not sanitized allowing the attacker to...
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability
Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description XXE XML External Entity processing through upload of SVG images in the CMS, and through XML import in the CMS Console application. Hippo CMS 10.1 XML External Enti...
Hippo CMS 7.9.7 Enterprise Edition CRLF Injection
Affected software: hippo cms. Type of vulnerability: crlf. URL: https://cms.demo.onehippo.com. Discovered by: provensec. Website: provensec.com. Version: CMS 7.9.7 Enterprise Edition. Proof of concept payload: advanced%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-...
CVE-2014-6831
The Hippo Studio aka com.appgreen.hippostudio application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Hippo Studio aka com.appgreen.hippostudio application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...