
16 matches found

OSV
added 2025/03/27 7:51 a.m. · 9 views

BIT-RABBITMQ-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1 CVSS · 6.2 AI score · 0.00023 EPSS
Exploits: 0 · References: 2

NVD
added 2025/03/25 11:15 p.m. · 14 views

CVE-2025-30219

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1 CVSS · 0.00023 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/03/25 10:55 p.m. · 13 views

CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1 CVSS · 0.00023 EPSS
Exploits: 0 · References: 1

CVE
added 2025/03/25 10:55 p.m. · 104 views

CVE-2025-30219

CVE-2025-30219 describes an XSS in RabbitMQ management UI where an unescaped virtual host name in an error message could allow script execution. Public advisories show patches for Open Source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, and 3.13.8. OpenSUSE/SUSE advisories (SUSE-SU-2025:01466-1; SUSE...

6.1 CVSS · 6.7 AI score · 0.00023 EPSS
Exploits: 0 · References: 1

OSV
added 2025/01/28 3:15 a.m. · 0 views

CVE-2024-0135

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure,...

7.6 CVSS · 5.8 AI score
Exploits: 0 · References: 1

OSV
added 2022/02/15 1:57 a.m. · 23 views

GHSA-8FVR-5RQF-3WWH Information Exposure in Docker Engine

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...

8.4 CVSS · 7.3 AI score · 0.0011 EPSS
Exploits: 0 · References: 10

0day.today
added 2019/09/10 12:0 a.m. · 22 views

Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification Exploit

// // // Disclaimer: // This or previous programs are for Educational purpose ONLY. Do not use it without permission. // The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages // caused by direct or indirect use of the information or functionality provide...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/09/09 12:0 a.m. · 418 views

WordPress Core 5.2.3 - Cross-Site Host Modification

!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...

7.4 AI score
Exploits: 0

exploitpack
added 2019/09/09 12:0 a.m. · 24 views

WordPress 5.2.3 - Cross-Site Host Modification

WordPress 5.2.3 - Cross-Site Host Modification !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something lik...

7.3 AI score
Exploits: 0

0day.today
added 2019/09/09 12:0 a.m. · 66 views

WordPress 5.2.3 - Cross-Site Host Modification Exploit

Exploit for php platform in category web applications !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server,...

7.1 AI score
Exploits: 0

OSV
added 2019/06/07 4:29 p.m. · 0 views

CVE-2018-20135

Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and...

8.1 CVSS · 6 AI score
Exploits: 0 · References: 2

Prion
added 2019/02/12 11:29 p.m. · 19 views

Design/Logic Flaw

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file...

4.4 CVSS · 7.8 AI score · 0.00064 EPSS
Exploits: 0 · References: 5 · Affected Software: 8

CNVD
added 2018/07/03 12:0 a.m. · 4 views

Dell EMC iDRAC Insecure File Permissions Vulnerability

The Dell EMC iDRAC Service Module (iSM) is a suite of lightweight software from Dell Inc. that runs on servers. The software extends the Integrated Dell EMC Remote Access Controller (iDRAC) to the host operating system. A security vulnerability exists in the Dell EMC iSM for Linux and XenServer based...

6.6 CVSS · 6.5 AI score · 0.00097 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2015/06/23 9:29 a.m. · 1 views

docker: Read/write proc paths allow host modification & information disclosure

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...

7.2 CVSS · 7.1 AI score · 0.0011 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2015/05/08 12:0 a.m. · 1 views

PT-2015-6250 · Docker +2 · Docker Engine +3

Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1 Description: The issue allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. This is due to weak permissions for certain /proc...

10 CVSS · 6 AI score · 0.36182 EPSS
Exploits: 1 · References: 50

Tenable Nessus
added 2013/01/25 12:0 a.m. · 24 views

WebYaST Host Modification MiTM

The WebYaST web client hosted on the remote web server is vulnerable to a man-in-the-middle attack. Authentication is not required to modify which hosts the WebYaST web client is configured to connect to. A remote, unauthenticated attacker could exploit this by causing all WebYaST traffic to be...

5.8 CVSS · 5.6 AI score · 0.0069 EPSS
Exploits: 0 · References: 5