
2154 matches found

Metasploit
added 2023/04/12 7:43 p.m. | 197 views

Command Shell, Reverse SCTP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...

AI score: 7.1
Exploits: 0
Metasploit
added 2023/04/12 7:43 p.m. | 179 views

Unix Command Shell, Bind SCTP (via socat)

Creates an interactive shell via socat Module Options msf use payload/cmd/unix/bindsocatsctp msf payloadbindsocatsctp show actions ...actions... msf payloadbindsocatsctp set ACTION msf payloadbindsocatsctp show options ...show and set options... msf payloadbindsocatsctp run This module requires...

AI score: 7.1
Exploits: 0
NVD
added 2023/04/04 12:15 p.m. | 8 views

CVE-2023-23821

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions...

CVSS: 5.9 | AI score: 5.4 | EPSS: 0.00392
Exploits: 0 | References: 1
Prion
added 2023/04/04 12:15 p.m. | 12 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/04/04 11:31 a.m. | 11 views

CVE-2023-23821 WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00392
Exploits: 0 | References: 1
Cvelist
added 2023/04/04 11:31 a.m. | 16 views

CVE-2023-23821 WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00392
Exploits: 0 | References: 1
CVE
added 2023/04/04 11:31 a.m. | 32 views

CVE-2023-23821

The CVE-2023-23821 entry concerns the WordPress plugin Interactive Polish Map. Affected versions are 1.2 and earlier, with a Stored XSS vulnerability that requires admin+ privileges to exploit. The root cause is inadequate sanitization/escaping of settings, enabling stored cross-site scripting by...

CVSS: 5.9 | AI score: 5 | EPSS: 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/04/04 12:0 a.m. | 2 views

WordPress plugin Interactive Polish Map cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVSS: 5.9 | AI score: 4.9 | EPSS: 0.00392
Exploits: 0 | References: 2
BDU FSTEC
added 2023/04/04 12:0 a.m. | 1 views

The vulnerability of the QvsViewClient client of the QlikView analytics platform allows a perpetrator to execute cross-site scripting attacks.

The vulnerability of the QvsViewClient client of the QlikView analytics platform is related to the lack of measures taken to protect the structure of the web page when creating interactive objects. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by...

CVSS: 8.5 | AI score: 5.7 | EPSS: 0.00377
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2023/03/29 12:0 a.m. | 26 views

ABB Multiple System 800xA Products Incorrect Default Permissions (CVE-2020-8487)

Insufficient protection of the inter-process communication functions in ABB System 800xA Base all published versions enables an attacker authenticated on the local system to inject data, affect node redundancy handling. This plugin only works with Tenable.ot. Please visit...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00316
Exploits: 0 | References: 3
NVD
added 2023/03/28 9:15 a.m. | 6 views

CVE-2023-25704

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...

CVSS: 5.9 | AI score: 5.4 | EPSS: 0.00369
Exploits: 0 | References: 1
Prion
added 2023/03/28 9:15 a.m. | 12 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/03/28 8:19 a.m. | 11 views

CVE-2023-25704 WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00369
Exploits: 0 | References: 1
CVE
added 2023/03/28 8:19 a.m. | 44 views

CVE-2023-25704

CVE-2023-25704 involves a Stored Cross-Site Scripting (XSS) vulnerability in the Mehjabin Orthi Interactive SVG Image Map Builder plugin for WordPress, affecting versions

CVSS: 5.9 | AI score: 4.9 | EPSS: 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2023/03/27 9:35 p.m. | 18 views

CVE-2023-26493 Command Injection in Cocos Engine workflow

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.02907
Exploits: 1 | References: 5
Github Security Blog
added 2023/03/24 10:6 p.m. | 48 views

Interactive `run` permission prompt spoofing via improper ANSI neutralization

Summary: Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. Details: The main entry point comes down to the ability to override what the API control says 40_process.js...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01142
Exploits: 1 | References: 5 | Affected Software: 2
Vulnrichment
added 2023/03/24 7:46 p.m. | 8 views

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This wor...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01142
Exploits: 1 | References: 3
Cvelist
added 2023/03/24 7:46 p.m. | 33 views

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This wor...

CVSS: 8.8 | AI score: 9 | EPSS: 0.01142
Exploits: 1 | References: 3
OSV
added 2023/03/24 7:46 p.m. | 36 views

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This wor...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01142
Exploits: 1 | References: 5
Github Security Blog
added 2023/03/23 7:58 p.m. | 41 views

Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules. Affected platforms: FreeBSD Patched Tailscale client versions: v1.38.2 or later What happened? A difference i...

CVSS: 8 | AI score: 7.6 | EPSS: 0.0046
Exploits: 0 | References: 6 | Affected Software: 1