EUVD-2022-24953
Malicious code in bioql PyPI...
Authentication flaw
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution (Metasploit)
PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusi...
New Chrome Extension Blocks BeEF Attacks
An engineer has devised a new way to help combat BeEF, or browser exploit framework, attacks. The tool, a Chrome extension, detects and blocks hooks from BeEF–an exploit tool similar to Metasploit–that uses JavaScript to control browsers. Routinely used by researchers, pen testers, and attackers,...
Wordpress Login Widget With Shortcode 3.1.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
feeble.you!dora.exploit
Sunday, March 18, 2001 Silent delivery and installation of an executable on a target computer. No client input other than opening an email using Eudora 5.02 - Sponsored Mode provided 'use Microsoft viewer' and 'allow executables in HTML content' are enabled. One wonders why they are there in the...