Ransomware-Simulator - Ransomware Simulator Written In Golang
The goal of this repository is to provide a simple, harmless way to check your AV's protection against ransomware. This tool simulates typical ransomware behaviour, such as: staging from a Word document macro; deleting Volume Shadow Copies; encrypting documents embedded and dropped by the simulator into...
CVE-2022-30785
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...
Google Releases Security Updates for Chrome
Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update. Thi...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2162 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2162 Source advisory: OSV:GHSA-CRG2-6XV3-QG5F...
GHSA-3264-65PG-5XM4 Dolibarr ERP and CRM HTML Injection
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...
Dolibarr ERP and CRM HTML Injection
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...
Dolibarr Cross-site Scripting in a User Note section
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
GHSA-M44P-CFWJ-WWR6 Dolibarr Cross-site Scripting in a User Note section
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
renovatinghometoolsdeals.com Cross Site Scripting vulnerability OBB-2625732
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
new packages: libndp
An update is available for libndp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
GHSA-VJ6Q-V2H7-6Q5M Jenkins cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...
Dolibarr cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12)...
Joplin Vulnerable to Cross-site Scripting in Note Content
Joplin versions prior to 1.0.90 contain a cross-site scripting (XSS) vulnerability in the Note content field that escalates to code execution because nodeIntegration is enabled for the BrowserWindow instance where the XSS was identified - information on the fix can be found here...
WordPress Note Press plugin <= 0.1.10 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer and Shi Chen in the WordPress Note Press plugin versions <= 0.1.10. Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pending a...
eurotherm-sales.com Cross Site Scripting vulnerability OBB-2613414
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions
The plugin does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...
Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions
The plugin does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection PoC...
Note Press <= 0.1.10 - Admin+ SQLi via id
The plugin does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL injections: https://example.com/wp-admin/admin.php?page=NotePress-Main-Menu&action=view&id=17+AND+SELECT+3630+FROM+SELECTSLEEP5KdTt...