Lucene search
15 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-41317

Malicious code in bioql PyPI...

8 CVSS | 5.8 AI score | 0.00343 EPSS
Exploits 0 | References 3

Spring Engineering
added 2025/09/16 12:0 a.m. | 2 views

This Week in Spring - September 16th, 2025

Hi, Spring fans! Welcome to another extra special installment of This Week in Spring, wherein we celebrate a very auspicious day indeed: the release of Java 25 and GraalVM 25! That's right: an incredible new iteration of the JVM has just dropped and with it come a ton of features! Let's go throu...

7.5 CVSS | 6.9 AI score | 0.00112 EPSS
Exploits 0

Trellix
added 2023/07/26 12:0 a.m. | 100 views

Beyond File Search: A Novel Method

Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...

8.6 AI score | 0.93596 EPSS
Exploits 61

NVD
added 2022/12/08 4:15 p.m. | 6 views

CVE-2022-38754

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM Operations Bridge Manager user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is on...

8 CVSS | 0.00343 EPSS
Exploits 0 | References 3

Prion
added 2022/12/08 4:15 p.m. | 12 views

Design/Logic Flaw

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM Operations Bridge Manager user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is on...

4.9 CVSS | 5.3 AI score | 0.00343 EPSS
Exploits 0 | References 3 | Affected Software 2

CVE
added 2022/12/08 12:0 a.m. | 51 views

CVE-2022-38754

CVE-2022-38754 affects Micro Focus Operations Bridge Manager and Operations Bridge-Containerized versions prior to 2022.11. The vulnerability is a cross-site scripting issue where a malicious authenticated OBM user could run JavaScript in the browser context of another OBM user. Impact is limited...

8 CVSS | 5.6 AI score | 0.00343 EPSS
Exploits 0 | References 3 | Affected Software 2

Tenable Nessus
added 2020/09/11 12:0 a.m. | 35 views

SAP NetWeaver AS Java Multiple XSS (2953112)

The version of SAP NetWeaver AS Java detected on the remote host may be affected by multiple cross-site scripting vulnerabilities, as follows: - SAP NetWeaver Application Server JAVA XML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an...

6.5 CVSS | 6.5 AI score | 0.00313 EPSS
Exploits 0 | References 4

NVD
added 2020/09/09 1:15 p.m. | 13 views

CVE-2020-6326

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

5.4 CVSS | 0.00313 EPSS
Exploits 0 | References 2

Cvelist
added 2020/09/09 12:47 p.m. | 18 views

CVE-2020-6326

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

5.4 CVSS | 5.9 AI score | 0.00313 EPSS
Exploits 0 | References 2

Kitploit
added 2018/04/30 8:40 p.m. | 20 views

Bad-Pdf - Steal NTLM Hashes With A PDF From Windows Machines

Bad-PDF create malicious PDF to steal NTLM Hashes from windows machines, it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener. This method work on all PDF readersAny version and java scripts are not required...

7.2 AI score
Exploits 0 | References 1

Prion
added 2017/09/15 1:29 p.m. | 14 views

Cross site scripting

VMware vCenter Server 6.5 prior to 6.5 U1 contains a vulnerability that may allow for stored cross-site scripting XSS. An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page...

3.5 CVSS | 6.5 AI score | 0.00206 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2017/09/15 1:29 p.m. | 16 views

CVE-2017-4926

VMware vCenter Server 6.5 prior to 6.5 U1 contains a vulnerability that may allow for stored cross-site scripting XSS. An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page...

5.4 CVSS | 5.6 AI score | 0.00206 EPSS
Exploits 0 | References 3

Cvelist
added 2017/09/15 1:0 p.m. | 17 views

CVE-2017-4926

VMware vCenter Server 6.5 prior to 6.5 U1 contains a vulnerability that may allow for stored cross-site scripting XSS. An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page...

5.6 AI score | 0.00206 EPSS
Exploits 0 | References 3

Microsoft KB
added 2016/07/12 7:0 a.m. | 89 views

MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016

MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

9.3 CVSS | 8.2 AI score | 0.54593 EPSS
Exploits 0

Packet Storm
added 1999/08/17 12:0 a.m. | 42 views

eudoraurl.txt

Date: Fri, 7 Aug 1998 13:40:54 -0400 From: "Stout, Bill" Subject: Eudora executes Java URL Eudora Pro 4.0 and 4.0.1 will execute Java from a URL. "The Eudora flaw came to light just a little more than a week after security researchers announced a similar problem in versions of Microsoft's Outlook...

7.4 AI score
Exploits 0