22 matches found
EUVD-2023-56889
Malicious code in bioql PyPI...
EUVD-2022-41449
Malicious code in bioql PyPI...
Exploit for Heap-based Buffer Overflow in Adobe Acrobat_Dc
CVE-2021-39863 - Adobe Acrobat Reader DC 21.005.20048.43252...
Cross-site scripting (XSS) vulnerability in Description metadata
Summary: Regardless of role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. This is an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS...
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
Cross site scripting
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
CVE-2022-38902
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...
CVE-2022-38902
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...
Cross site scripting
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...
CVE-2022-38902
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that lets you easily scan any web application and find its vulnerabilities. Vooki includes a Web Application Scanner, a Rest API Scanner, and a reporting section. Vooki – Web Application Scanner can help you to find the...
Algolia: [github.algolia.com] DOM Based XSS github-btn.html
Description === Vulnerable parameter: user Vulnerable script: https://github.algolia.com/github-btn.html Vulnerable code: js var params = function for var t, e = , o = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&", r = 0; r HTMLHTMLHTMLHTMLHTMLHTML&type=follow PoC 2 XSS f...
CVE-2015-4483: Use the feed Protocol to bypass the Firefox Mixed Content Blocker-bug warning-the black bar safety net
Firefox 40 fixes a bug numbered CVE-2015-4483. Normally Firefox can block the following mixed content: https://mkpocapp.appspot.com/bug1148732/victim In short: part of the https site's content is delivered over http, such as resource files, etc...
Super cannon (Great Cannon) defect inquiry of JS bloomer-vulnerability warning-the black bar safety net
Following the last post in the black bar to secure the article on the super cannon (Great Cannon) defect inquiry of TTL article, we reference from abroad, a research organization for the event post-mortem analysis, as well as by being an attack site log and capture the code on a bloomer, locking Th...
IPCop 2.1.4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: IPCop = 2.1.4 XSS to CSRF to Remote Command Execution Date: 21/12/2014 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipcop.org - www.ipcop.org/download.php Version: 2.1.4 Category: Remote Command Execution Google dork: Tested on: IPCop distribution IPCop...
Parsing JS Trojan attack with anti-bug warning-the black bar safety net
Web "horse hanging" (planting trojans in web pages) has now become one of the main ways hackers launch cyber attacks, so protecting against Web security threats is particularly important. This article introduces some common JS horse-hanging phenomena and how to respond. Trojan has always been a hack of adept...
e107 My_Gallery Plugin Arbitrary File Download Vulnerability
e107 MyGallery Plugin Arbitrary File Download Vulnerability Release Date: 2008-03-25 Critical: Moderately critical Impact: Exposure of system information, Exposure of sensitive information Where: From remote Solution Status: Unpatched Software: MyGallery v2.3 plugin for e107 and prior Link:...
e107 Plugin My_Gallery 2.3 - Arbitrary File Download
e107 Plugin MyGallery 2.3 - Arbitrary File Download e107 MyGallery Plugin Arbitrary File Download Vulnerability Release Date: 2008-03-25 Critical: Moderately critical Impact: Exposure of system information, Exposure of sensitive information Where: From remote Solution Status: Unpatched Software:...
HP notebooks remote code execution vulnerability (multiple series)
Advisory: Multiple Hewlett-Packard notebook series are prone to a remote code execution attack. The manufacturer's preinstalled software contains a critical flaw within the software built to support one-touch button quick feature access. Overview: Software called "HP Info...