854 matches found
CVE-2022-32429
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution...
CVE-2022-32429
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution...
mega-optic.de Cross Site Scripting vulnerability OBB-2701157
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MEGA claims it can’t decrypt your files. But someone’s managed to…
MEGA, the cloud storage provider and file hosting service, is very proud of its end-to-end encryption. It says it couldnt decrypt your stored files, even if it wanted to. “All your data on MEGA is encrypted with a key derived from your password; in other words, your password is your main encrypti...
Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers poi...
Malicious code in npm-mega (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dead1dc1c8e5a25de0e67faeb00105cc8e8a648f491008e865f9e0407e2fd373 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4937 Malicious code in npm-mega (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dead1dc1c8e5a25de0e67faeb00105cc8e8a648f491008e865f9e0407e2fd373 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628 AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628
CVE-2022-0628 affects the WordPress plugin Mega Menu prior to version 3.0.8. The vulnerability stems from not sanitizing/escaping the _wpnonce parameter before echoing it on an admin page, enabling Reflected Cross-Site Scripting. Impact is a user/admin-page XSS exposure as described across NVD/Re...
WordPress plugin Mega Menu 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
mega-travel.nl Improper Access Control vulnerability OBB-2429526
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress AP Mega Menu plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress AP Mega Menu plugin versions = 3.0.7. Solution Update the WordPress AP Mega Menu plugin to the latest available version at least 3.0.8...
mega-okna.com Cross Site Scripting vulnerability OBB-2370940
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WannaRace - WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition
WebApp intentionally made vulnerable to Race Condition Description Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when...
WordPress HT Mega plugin <= 1.6.9 - SQL injection (SQLi) vulnerability
SQL injection SQLi vulnerability discovered in WordPress HT Mega plugin versions = 1.6.9. Solution Update the WordPress HT Mega plugin to the latest available version at least 1.7.0...
DRUPAL-CONTRIB-2021-041
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...