7649 matches found
CVE-2023-24814
TYPO3 CVE-2023-24814 is a persisted cross-site scripting vulnerability in the TYPO3 core where GeneralUtility::getIndpEnv() reads PATH_INFO and, with config.absRefPrefix=auto, can inject HTML that gets cached and served to visitors. Affected: TYPO3 core components with PATH_INFO handling; affecte...
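The mechanism this entry describes, as an added illustration that is not TYPO3 code: a renderer in "auto" mode derives the base-href prefix from the request's PATH_INFO and stores the finished page in a cache shared by all visitors, so one crafted request poisons the page for everyone who follows; the hardened variant allow-lists each path segment, escapes the value, and keys the cache on the prefix. Function names, the cache layout, the allow-list regex and the sample paths are assumptions made for this example.

```python
import html
import re
from typing import Dict, Tuple

# Added illustration, not TYPO3 code: an "auto" base-prefix derived from the
# request's PATH_INFO and baked into a page that is then cached for everyone.

# Simulated shared page cache: (page id, prefix) -> rendered HTML.
PAGE_CACHE: Dict[Tuple[str, str], str] = {}


def abs_ref_prefix_vulnerable(path_info: str) -> str:
    # Copies everything up to the last "/" straight out of the request path.
    return path_info.rsplit("/", 1)[0] + "/"


def render_vulnerable(page_id: str, path_info: str) -> str:
    # Cache is keyed on page id only, so the first request's PATH_INFO decides
    # what every later visitor of this page receives.
    key = (page_id, "")
    if key not in PAGE_CACHE:
        prefix = abs_ref_prefix_vulnerable(path_info)
        PAGE_CACHE[key] = (f'<html><head><base href="{prefix}"></head>'
                           f'<body>page {page_id}</body></html>')
    return PAGE_CACHE[key]


SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9._-]*$")   # assumed allow-list for path segments


def abs_ref_prefix_hardened(path_info: str) -> str:
    # Allow-list every segment, then escape for the attribute context anyway.
    segments = path_info.split("/")[:-1]
    for seg in segments:
        if not SAFE_SEGMENT.match(seg):
            raise ValueError(f"rejected PATH_INFO segment {seg!r}")
    return html.escape("/".join(segments) + "/", quote=True)


def render_hardened(page_id: str, path_info: str) -> str:
    # Validation runs before anything is cached, and the prefix is part of the
    # cache key, so one request cannot choose the prefix served for another path.
    prefix = abs_ref_prefix_hardened(path_info)
    key = (page_id, prefix)
    if key not in PAGE_CACHE:
        PAGE_CACHE[key] = (f'<html><head><base href="{prefix}"></head>'
                           f'<body>page {page_id}</body></html>')
    return PAGE_CACHE[key]


def hardened_rejects(path_info: str) -> bool:
    try:
        abs_ref_prefix_hardened(path_info)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    evil = '/"><script>alert(1)</script>/index.html'   # constructed request path
    print(render_vulnerable("home", evil))
    print(render_vulnerable("home", "/en/index.html"))   # clean visitor still gets the payload
    print(render_hardened("home", "/en/news/index.html"))
    print(hardened_rejects(evil))
```

The second `render_vulnerable` call is the point of the entry: the visitor's own request is clean, but the cached page already carries the first requester's markup.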
Malicious code in @tangoch/add-two (npm)
Source: ghsa-malware db14ce679d7f0dd262266021768200a695a57df3a2609fb5b98bd03ebca95d3b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-42908
WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persiste...
Cross site scripting
WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persiste...
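The stored-XSS pattern this entry describes (a filename stored verbatim and echoed into later HTTP responses), as an added example that is not WEPA code and also stands in for the other persistent-XSS entries on this page whose stored field is echoed back unescaped: the same stored name reaches three output contexts (HTML text, an href attribute, and a Content-Disposition header) and each needs its own encoding, which is why filename "sanitising" at upload time alone is not the fix. The payload string and the function names are constructed for this example.

```python
import html
from urllib.parse import quote

# Added example, not WEPA code: a stored filename reaches three output
# contexts and each needs its own encoding; filtering at upload is only
# defence in depth, output encoding is the actual fix.

PAYLOAD = '"><img src=x onerror=alert(1)>.pdf'   # constructed malicious filename


def listing_vulnerable(filenames):
    # Stored name interpolated raw into both an attribute and a text node.
    return "".join(f'<li><a href="/files/{n}">{n}</a></li>' for n in filenames)


def listing_hardened(filenames):
    rows = []
    for n in filenames:
        # href: percent-encode the path segment, then entity-escape for the attribute.
        href = html.escape("/files/" + quote(n, safe=""), quote=True)
        # text node: entity-escape.
        rows.append(f'<li><a href="{href}">{html.escape(n)}</a></li>')
    return "".join(rows)


def content_disposition(filename: str) -> str:
    # Header context: a CR/LF would start a new header line, so reject it outright.
    if "\r" in filename or "\n" in filename:
        raise ValueError("CR/LF in filename")
    # ASCII fallback restricted to an allow-list; the real name travels in the
    # RFC 6266 / RFC 5987 filename* parameter, percent-encoded.
    fallback = "".join(c if (c.isascii() and c.isalnum()) or c in "._-" else "_"
                       for c in filename) or "download"
    return f"attachment; filename=\"{fallback}\"; filename*=UTF-8''{quote(filename, safe='')}"


def header_rejects(filename: str) -> bool:
    try:
        content_disposition(filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(listing_vulnerable([PAYLOAD]))
    print(listing_hardened([PAYLOAD]))
    print(content_disposition(PAYLOAD))
    print(header_rejects("a.pdf\r\nSet-Cookie: x=1"))
```

Note that the hardened listing never modifies the stored name; it encodes at each sink, so a legitimate filename such as `Q&A notes.pdf` still displays correctly while the constructed payload is inert in both the attribute and the text node.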
Malicious code in solc-0.8 (npm)
Source: ghsa-malware 2cb2ef4de1156c7094d66ff9e85b4e9b17b04b11eb2348040a1f7c8756c7b0a3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Dell Enterprise SONiC OS resource management error vulnerability
Dell Enterprise SONiC OS (Dell Enterprise SONiC Operating System) is an open-source network operating system from Dell, USA. A resource management error vulnerability exists in Dell Enterprise SONiC OS versions 3.5.3, 4.0.0, 4.0.1 and 4.0.2, which stems from a security issue contained in the...
When Pwning Cisco, Persistence Is Key; When Pwning Supply Chain, Cisco Is Key
When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key By Trellix · February 1, 2023 This story was also written by Kasimir Schulz and Sam Quinn. Unlike those of the past, modern routers now function like high-powered servers with many ethernet ports running not only routi...
Malicious code in tohe-doc-resources (npm)
Source: ghsa-malware 17a9a9c63d20d34ca8cd59f2c43090e89223718888b73e20c38ba84477ee6d02. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lego-stuff (npm)
Source: ghsa-malware 3f68048b64d2f636d41c97edba1631e654e4141f21d4b318622cc529eb5197ea. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-20494
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11...
Ruckus Networks security vulnerability
Ruckus Networks Unleashed C110 is a wireless LAN product from Ruckus Networks, Inc. A security vulnerability in multiple RUCKUS Networks products originates from a persistent write of an unauthorized system image...
New Research Delves into the World of Malicious LNK Files and Hackers Behind Them
Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by...
CVE-2022-46369
Rumpus FTP server version 9.0.7.1: a persistent cross-site scripting (PXSS) vulnerability may allow inserting scripts into unspecified input fields...
CVE-2022-46369 Rumpus - FTP server Persistent cross-site scripting (PXSS) – Unspecified vector
Rumpus FTP server version 9.0.7.1: a persistent cross-site scripting (PXSS) vulnerability may allow inserting scripts into unspecified input fields...
CVE-2022-40607
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740...
CVE-2022-40607 IBM Spectrum Scale directory traversal
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740...
CVE-2022-40435
Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability, triggered by adding new entries under the Departments and Designations module...
Cross site scripting
Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability, triggered by adding new entries under the Departments and Designations module...