5604 matches found

RedHat Linux
added 2021/12/02 4:17 p.m. · 1 view

XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader

A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 · AI score 7.6 · EPSS 0.15638
Exploits: 1 · References: 4

Kitploit
added 2021/11/30 8:30 p.m. · 78 views

ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip fil...

AI score 7.7
Exploits: 0 · References: 1

OSV
added 2021/11/23 8:15 p.m. · 3 views

CVE-2021-24668

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...

CVSS 4.3 · AI score 5.9 · EPSS 0.00435
Exploits: 2 · References: 1

NVD
added 2021/11/23 8:15 p.m. · 9 views

CVE-2021-24668

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...

CVSS 4.3 · EPSS 0.00435
Exploits: 2 · References: 1

Prion
added 2021/11/23 8:15 p.m. · 10 views

Cross-site request forgery (CSRF)

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...

CVSS 4.3 · AI score 4.7 · EPSS 0.00435
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2021/11/23 7:16 p.m. · 25 views

CVE-2021-24668 MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...

AI score 5 · EPSS 0.00435
Exploits: 2 · References: 1

CVE
added 2021/11/23 7:16 p.m. · 58 views

CVE-2021-24668

The vulnerability CVE-2021-24668 affects the WordPress plugin MAZ Loader, specifically versions before 1.4.1. The root cause is missing nonce checks, enabling CSRF attacks that let an attacker cause administrators to delete arbitrary loaders. Impact is described as arbitrary loader deletion via C...

CVSS 4.3 · AI score 4.6 · EPSS 0.00435
Exploits: 2 · References: 1 · Affected Software: 1

CNNVD
added 2021/11/23 12:0 a.m. · 2 views

WordPress Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin that stems from the MAZ Loader not...

CVSS 4.3 · AI score 5.2 · EPSS 0.00435
Exploits: 2 · References: 2

BDU FSTEC
added 2021/11/23 12:0 a.m. · 4 views

The vulnerability of the Google Chrome browser’s loader component, which allows a hacker to execute arbitrary code.

The vulnerability of the Google Chrome browser’s loader component is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...

CVSS 10 · AI score 8.1 · EPSS 0.00982
Exploits: 0 · References: 10 · Affected Software: 5

The Hacker News
added 2021/11/22 11:47 a.m. · 459 views

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...

CVSS 10 · AI score 9.4 · EPSS 0.99999
Exploits: 78

NVD
added 2021/11/22 9:15 a.m. · 18 views

CVE-2021-38374

OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL...

CVSS 5.4 · EPSS 0.01212
Exploits: 3 · References: 5

Prion
added 2021/11/22 9:15 a.m. · 20 views

Design/Logic Flaw

OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL...

CVSS 3.5 · AI score 5.1 · EPSS 0.01212
Exploits: 3 · References: 5 · Affected Software: 1

Cvelist
added 2021/11/22 8:38 a.m. · 23 views

CVE-2021-38374

OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL...

AI score 5.4 · EPSS 0.01212
Exploits: 3 · References: 5

Positive Technologies
added 2021/11/22 12:0 a.m. · 5 views

PT-2021-22088 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.5 and earlier. Description: The issue allows for cross-site scripting (XSS) attacks via a crafted snippet that contains an app loader reference within an app loader URL. This enables potential attackers to execute...

CVSS 5.4 · AI score 5.1 · EPSS 0.01212
Exploits: 3 · References: 11

Tenable Nessus
added 2021/11/20 12:0 a.m. · 53 views

Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a...

CVSS 9.6 · AI score 6.7 · EPSS 0.01362
Exploits: 2 · References: 40

Microsoft CVE
added 2021/11/19 8:0 a.m. · 15 views

Chromium: CVE-2021-38005 Use after free in loader

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 · AI score 8.8 · EPSS 0.00982
Exploits: 0

Trend Micro Simply Security
added 2021/11/19 12:0 a.m. · 16 views

This Week in Security News - November 19, 2021

This week, learn about how the QAKBOT Loader malware has evolved its techniques and strategies over time. Also, read about the most recent initiative by the legislation to further cybersecurity protection...

AI score 6.9
Exploits: 0

OSV
added 2021/11/16 9:26 p.m. · 30 views

GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited furth...

CVSS 7.3 · AI score 9.3 · EPSS 0.02142
Exploits: 1 · References: 7

OSV
added 2021/11/16 7:15 p.m. · 3 views

CVE-2021-26335

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation, potentially resulting in arbitrary code execution...

CVSS 7.8 · AI score 6.8 · EPSS 0.00286
Exploits: 0 · References: 1

Prion
added 2021/11/16 7:15 p.m. · 14 views

Input validation

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation, potentially resulting in arbitrary code execution...

CVSS 7.2 · AI score 8 · EPSS 0.00286
Exploits: 0 · References: 1 · Affected Software: 58