48 matches found
EUVD-2020-27334
Malware in sbrugna...
CVE-2020-6184
Under certain conditions, ABAP Online Community in SAP NetWeaver SAPBASIS version 7.40 and SAP S/4HANA SAPBASIS versions 7.50, 7.51, 7.52, 7.53, 7.54, does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability...
Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack reports from our customers at a ra...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-043
Open Social is a Drupal distribution for online communities. Group entities created within Open Social did not sufficiently check entity access in group overviews, allowing users to see information in the overviews they should not have access to. Visiting the entity directly resulted in correct...
SAP NetWeaver ABAP Online Community Stored Cross-Site Scripting Vulnerability
SAP NetWeaver is SAP's integrated technology platform. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Online Community, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to gain access to sensitive information or hijack user...
CVE-2020-6185
Under certain conditions ABAP Online Community in SAP NetWeaver SAPBASIS version 7.40 and SAP S/4HANA SAPBASIS versions 7.50, 7.51, 7.52, 7.53, 7.54, allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability...
Cross site scripting
Under certain conditions, ABAP Online Community in SAP NetWeaver SAPBASIS version 7.40 and SAP S/4HANA SAPBASIS versions 7.50, 7.51, 7.52, 7.53, 7.54, does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability...
CVE-2020-6185
SAP NetWeaver ABAP Online Community and SAP S/4HANA (SAP_BASIS 7.40 and 7.50–7.54) are affected by CVE-2020-6185. An authenticated attacker can store a payload that yields Stored Cross-Site Scripting via the described conditions. Exploitation details are not provided beyond the stored-XSS descrip...
CVE-2020-6184
The CVE-2020-6184 issue affects SAP NetWeaver ABAP Online Community in SAP_BASIS 7.40 and SAP_BASIS 7.50–7.54 (S/4HANA). The vulnerability arises from insufficient encoding of user-controlled inputs in the ABAP Online Community, leading to Reflected Cross-Site Scripting (XSS). The connected sourc...
A New Clue for the Kryptos Sculpture
Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers...
Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!
The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and are excited to partner with Blackberry to host a...
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services to help make our customers and the global online community more secure. We appreciate the excellent vulnerability research reported to us regularly from the...
Announcing the Microsoft Azure DevOps Bounty program
The Microsoft Security Response Center (MSRC) is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...
Microsoft Windows: Join Microsoft MAPS
This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. You can choose to send basic or additional information about...
Leaked NSA Hacking Tools Were 'Mistakenly' Left By An Agent On A Remote Server
If you are a hacker, you might have enjoyed the NSA's private zero-day exploits, malware and hacking tools that were leaked last month. But the question is: how did these hacking tools end up in the hands of hackers? It has been found that the NSA itself was not directly hacked, but a former NSA...
i-Net Online Community XSS and Authentication Bypass
No description provided by source...
phpOCS <= 0.1-beta3 (index.php act) Local File Inclusion Vulnerability
No description provided by source. Discovered by dun \ dunatstrcpy.pl. phpOCS <= 0.1-beta3 Local File Inclusion Vulnerability. Script: phpOCS is a fully featured Online...