GHSA-3P87-W3C5-27GF phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

Powershell Exec, Windows Command Shell, Hidden Bind TCP Inline

Execute an x86 payload from a command via PowerShell. Listen for a connection from certain IP and spawn a command shell. The shellcode will reply with a RST packet if the connections is not coming from the IP defined in AHOST. This way the port will appear as "closed" helping us to hide the...

Powershell Exec, Windows x86 Pingback, Bind TCP Inline

Execute an x86 payload from a command via PowerShell. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/powershell/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...

Powershell Exec, Windows x64 Command Shell, Bind TCP Inline

Execute an x64 payload from a command via PowerShell. Listen for a connection and spawn a command shell Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp...

Powershell Exec, Windows Disable Windows ICF, Command Shell, Bind TCP Inline

Execute an x86 payload from a command via PowerShell. Disable the Windows ICF, then listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/powershell/shellbindtcpxpfw msf payloadshellbindtcpxpfw show actions ...actions... msf payloadshellbindtcpxpfw set ACTIO...

Powershell Exec, Windows Command Shell, Reverse TCP Inline

Execute an x86 payload from a command via PowerShell. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/windows/powershell/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sho...

Powershell Exec, Windows Meterpreter Shell, Reverse TCP Inline (IPv6)

Execute an x86 payload from a command via PowerShell. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...

Powershell Exec, Windows Meterpreter Service, Reverse TCP Inline

Execute an x86 payload from a command via PowerShell. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/windows/powershell/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf...

Powershell Exec, Windows Command Shell, Bind TCP Inline

Execute an x86 payload from a command via PowerShell. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/powershell/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

kernel: race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem

A flaw was found in the Linux kernel. A race condition was discovered in the ext4 subsystem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-005)

The version of kernel installed on the remote host is prior to 5.10.62-55.141. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-005 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An...

CLSA-2022-1651146021 Fix of CVE: CVE-2022-0617, CVE-2021-40490, CVE-2021-29154, CVE-2022-0435, CVE-2021-4154, CVE-2021-3753, CVE-2021-38160, CVE-2021-45485, CVE-2021-3752, CVE-2021-41864, CVE-2021-4083, CVE-2021-26930

udf: Restore ilenAlloc when inode expansion fails Jan Kara CVE-2022-0617 - udf: Fix NULL ptr deref when converting from inline format Jan Kara CVE-2022-0617 - Bluetooth: fix use-after-free error in locksocknested Wang ShaoBo CVE-2021-3752 - vtkdsetmode: extend console locking Linus Torvalds...

CVE-2022-0765

The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add...

CVE-2022-0765

The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add...

Inline DTD allows XML bomb attack

The SweetXml aka sweetxml package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service resource consumption via an XML entity expansion attack with an inline DTD...

GHSA-QPMC-WPRV-X746 Inline DTD allows XML bomb attack

The SweetXml aka sweetxml package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service resource consumption via an XML entity expansion attack with an inline DTD...

Mozilla: iframe contents could be rendered outside the border

The Mozilla Foundation Security Advisory describes this flaw as: Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks...

Mozilla: iframe contents could be rendered outside the border

The Mozilla Foundation Security Advisory describes this flaw as: Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks...

Mozilla: iframe contents could be rendered outside the border

The Mozilla Foundation Security Advisory describes this flaw as: Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks...

Cockpit 安全漏洞

Cockpit is an interactive server management interface. a security vulnerability exists in Cockpit, which stems from another website within the ＜iFrame＞ HTML entry rendering pages from the cockpit server that could be used by malicious websites for clickjacking or similar attacks. No detailed...