136 matches found
EUVD-2023-32958
Malicious code in bioql PyPI...
EUVD-2024-29931
Malicious code in bioql PyPI...
EUVD-2025-2829
Malicious code in bioql PyPI...
EUVD-2023-32959
Malicious code in bioql PyPI...
EUVD-2023-39128
Malicious code in bioql PyPI...
CVE-2023-29387
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions...
Metasploit Weekly Wrap-Up 09/06/2024
Honey, I shrunk the PHP payloads This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that when enabled, will use zlib to compress the payload which significantly reduced the size,...
PHP Minify Encoder
This encoder minifies a PHP payload by removing leading spaces, trailing new lines, comments, ... Module Options msf use encoder/php/minify msf encoderminify show actions ...actions... msf encoderminify set ACTION msf encoderminify show options ...show and set options... msf encoderminify run Thi...
WinFTP 2.3.0 NLST Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WinFTP 2.3.0 NLST Denial of Service', 'Description' = %q This module is a very rough port of Julien Bedard's PoC. You need a valid login, but eve...
CVE-2024-32109
Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery. This issue affects WP Matterport Shortcode: from n/a through 2.1.9...
CVE-2024-32109 WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery. This issue affects WP Matterport Shortcode: from n/a through 2.1.9...
CVE-2023-29386
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon. This issue affects Manager for Icomoon: from n/a through 2.0...
CVE-2023-29386
CVE-2023-29386 concerns the WordPress Manager for Icomoon plugin (<=2.0). An unauthenticated, unrestricted upload of files with dangerous types via the plugin’s upload endpoint enables arbitrary file upload. Technical details in connected docs show an exploit exists (PoC in a GitHub ...
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems...
CVE-2023-35094
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions...
CVE-2023-35094 WordPress WP Matterport Shortcode Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions...
CVE-2023-35094
CVE-2023-35094 affects the WordPress plugin MPEmbed WP Matterport Shortcode. The connected Patchstack entry confirms a stored Cross-Site Scripting (XSS) vulnerability in versions
CVE-2023-29387
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions...