
7614 matches found

CVE
added 2024/05/24 12:39 p.m. | 58 views

CVE-2023-49572

CVE-2023-49572 corresponds to a persistent XSS vulnerability in VX Search Enterprise (v10.2.14) and Disk Pulse Enterprise (v10.4.18) exploitable via /setup_odbc parameters odbc_data_source, odbc_user and odbc_password. The issue allows an attacker to store and trigger malicious JavaScript payload...

7.1 CVSS | 6.3 AI score | 0.0011 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/05/24 12:39 p.m. | 16 views

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an...

7.1 CVSS | 6.7 AI score | 0.0011 EPSS
Exploits: 0 | References: 1
Microsoft Secure
added 2024/05/23 1:0 p.m. | 9 views

Cyber Signals: Inside the growing risk of gift card fraud

In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...

7.5 AI score
Exploits: 0
Github Security Blog
added 2024/05/21 8:42 p.m. | 5 views

Shopware Non-Persistent XSS in the Frontend

A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web browser...

5.9 AI score
Exploits: 0 | References: 5 | Affected Software: 1
The Hacker News
added 2024/05/21 1:7 p.m. | 12 views

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consis...

6.7 AI score
Exploits: 0
Hive Pro Threat Advisories
added 2024/05/20 1:2 p.m. | 20 views

DarkGate Malware: Persistent Threat in Active Distribution

...

7.3 AI score
Exploits: 0
OSV
added 2024/05/17 2:15 p.m. | 1 views

DEBIAN-CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...

5.5 CVSS | 5.9 AI score | 0.00031 EPSS
Exploits: 0 | References: 1
OSV
added 2024/05/17 2:15 p.m. | 0 views

UBUNTU-CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...

5.5 CVSS | 6.2 AI score | 0.00031 EPSS
Exploits: 0 | References: 5
Debian CVE
added 2024/05/17 2:2 p.m. | 16 views

CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...

5.5 CVSS | 6.8 AI score | 0.00031 EPSS
Exploits: 0
OSSF Malicious Packages
added 2024/05/13 12:39 a.m. | 3 views

Malicious code in discord-datas (npm)

Source: ghsa-malware (cdc0b10c3c3f41706cb302d6e6b02afb133f5baa93c16a2b34c6f32a6a242c22). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
Packet Storm
added 2024/05/13 12:0 a.m. | 255 views

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024. Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Panel.SmokeLoader. Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSS. Family:...

7.4 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/05/09 11:30 p.m. | 3 views

Malicious code in @content-platform/fadam-module (npm)

Source: ghsa-malware (38b39e3ee36cc6bc7c45845d588a859e0f041b0ecbc3caaebd1ff022e1fe7132). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
Packet Storm
added 2024/05/09 12:0 a.m. | 356 views

Drupal-Wiki 8.31 / 8.30 Cross Site Scripting

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scripting (XSS) flaws in Drupal-Wiki. Affected Products: Drupal Wiki 8.31, Drupal Wiki 8.30 (older releases have not been tested). References: https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt used...

7.4 AI score | 0.00169 EPSS
Exploits: 1
CVE
added 2024/05/03 1:56 a.m. | 45 views

CVE-2023-32173

The CVE-2023-32173 entry concerns Unified Automation UaGateway: a DoS flaw in the AddServer method where crafted arguments can inject invalid characters into an XML configuration file. The impact is a persistent denial-of-service condition, with network exposure and required authentication when t...

5.8 CVSS | 5.7 AI score | 0.01045 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/05/03 1:56 a.m. | 12 views

CVE-2023-32173 Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability

Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...

5.8 CVSS | 5.7 AI score | 0.01045 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2024/05/02 10:10 a.m. | 26 views

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645...

10 CVSS | 8.6 AI score | 0.92742 EPSS
Exploits: 2
OSV
added 2024/04/30 10:15 a.m. | 6 views

CVE-2024-4337

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...

7.4 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 1
NVD
added 2024/04/30 10:15 a.m. | 7 views

CVE-2024-4336

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user...

7.6 CVSS | 6.7 AI score | 0.00168 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2024/04/25 6:53 a.m. | 1 views

unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names

A flaw was found in Unbound, which is vulnerable to a novel type of "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates...

6.5 CVSS | 5.7 AI score | 0.00109 EPSS
Exploits: 0 | References: 4
OSV
added 2024/04/24 8:2 p.m. | 22 views

GHSA-5X96-J797-5QQW Sensitive Information leak via Log File in Kubernetes

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

5.3 CVSS | 5.4 AI score | 0.00091 EPSS
Exploits: 0 | References: 9