Malicious code in babel-plugin-inline-gl-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b4230bc5ae1e029303b953ce2f3b730106c96218de4621c3189f865e9ba6447 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1405 Malicious code in babel-plugin-inline-gl-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b4230bc5ae1e029303b953ce2f3b730106c96218de4621c3189f865e9ba6447 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-1829
The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
WordPress plugin Inline Google Maps cross-site request forgery vulnerability
WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin Inline Google Maps 5.11 and earlier versions are vulnerable to cross-site request forgery, which stems from not...
Mageia: Security Advisory (MGASA-2022-0224)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0224 Updated python-pypdf2 packages fix security vulnerability
Infinite loop with manipulated inline images CVE-2022-24859...
Updated python-pypdf2 packages fix security vulnerability
Infinite loop with manipulated inline images CVE-2022-24859...
[SECURITY] [DLA 3039-1] pypdf2 security update
Debian LTS Advisory DLA-3039-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 03, 2022 https://wiki.debian.org/LTS Package : pypdf2 Version : 1.26.0-2+deb9u1 CVE ID : CVE-2022-24859 Debian Bug : 1009879 Sebastian Krause discovered that manipulated inline...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the viewallbugpage.php page. An attacker can inject and execute arbitrary HTML or JavaScript code in the browser of any user viewing the affected page by inserting...
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window...
GHSA-RM24-25XM-9454 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window...
Moodle Email media URL tokens were not checking for user status
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...
GHSA-774Q-WFCP-VC2Q Moodle Email media URL tokens were not checking for user status
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via crafted filenames in the myviewpage.php Timeline feature. An attacker can execute arbitrary code visible to any user viewing the My View Page by uploading an...
phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1)...
phpMyAdmin Multiple XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an...
GHSA-3P87-W3C5-27GF phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1)...
Powershell Exec, Windows Command Shell, Hidden Bind TCP Inline
Execute an x86 payload from a command via PowerShell. Listen for a connection from certain IP and spawn a command shell. The shellcode will reply with a RST packet if the connection is not coming from the IP defined in AHOST. This way the port will appear as "closed" helping us to hide the...
Powershell Exec, Windows x86 Pingback, Bind TCP Inline
Execute an x86 payload from a command via PowerShell. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/powershell/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...