7650 matches found

Vulnrichment
added 2022/06/10 9:30 a.m., 9 views

CVE-2017-20036 PHPList Bounce Rule Persistent cross site scripting

A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version...

CVSS 3.5, AI score 5.6, EPSS 0.00569
Exploits: 1, References: 2
Cvelist
added 2022/06/10 9:30 a.m., 24 views

CVE-2017-20035 PHPList Subscribe Persistent cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...

CVSS 3.5, AI score 6.4, EPSS 0.00569
Exploits: 1, References: 2
Vulnrichment
added 2022/06/10 9:30 a.m., 7 views

CVE-2017-20035 PHPList Subscribe Persistent cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...

CVSS 3.5, AI score 5.6, EPSS 0.00569
Exploits: 1, References: 2
Vulnrichment
added 2022/06/10 9:30 a.m., 5 views

CVE-2017-20034 PHPList List Name Persistent cross site scripting

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...

CVSS 3.5, AI score 5.6, EPSS 0.00569
Exploits: 1, References: 2
Cvelist
added 2022/06/10 9:30 a.m., 15 views

CVE-2017-20034 PHPList List Name Persistent cross site scripting

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...

CVSS 3.5, AI score 6.4, EPSS 0.00569
Exploits: 1, References: 2
OSSF Malicious Packages
added 2022/06/09 8:52 a.m., 3 views

Malicious code in @manomano-toolbox/catalog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 710708eb64cdd24b39815c91bcdceb54510a8c06f3576ad492d96dd0eb259413 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
added 2022/06/08 8:57 a.m., 2 views

Malicious code in ecobeeesss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2ab9adb1a15eca97b37b0e75f6aa97b7592e2224418c1f284234b428b7f2655 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
added 2022/06/08 8:33 a.m., 6 views

Malicious code in d2l-rubric (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 551223fd7a2d9e356d5db1df39fab3d2dfe82a4c86215c43bdfea16345cb42d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
Prion
added 2022/06/06 5:15 p.m., 14 views

Buffer overflow

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...

CVSS 7.8, AI score 8, EPSS 0.00972
Exploits: 0, References: 1, Affected Software: 14
Cvelist
added 2022/06/06 4:36 p.m., 23 views

CVE-2022-31479 Remote Code Execution via command injection of the hostname

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...

CVSS 9.6, AI score 9.9, EPSS 0.02323
Exploits: 0, References: 1
Trellix
added 2022/06/06 12:0 a.m., 19 views

Growling Bears Make Thunderous Noise

Growling Bears Make Thunderous Noise By Trellix · June 6, 2022 Per public attribution, Russian cybercriminal groups have always been active. Their tactics, techniques, and procedures (TTPs) have not significantly evolved over time, although some changes have been observed. Lately, the threat...

AI score 0.1
Exploits: 0
OSSF Malicious Packages
added 2022/06/02 10:28 a.m., 3 views

Malicious code in lexical-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af686331feed45b8818ceff08372677fb1f0f5531b48057d994aa8d3e871fc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
Packet Storm
added 2022/06/02 12:0 a.m., 274 views

Product Show Room Site 1.0 Cross Site Scripting

Product Show Room Site - 'Telephone' Stored Cross-Site Scripting (XSS) Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site Scripting (XSS) Exploit Author: [email protected] inc Vendor Homepage:...

AI score 7.4
Exploits: 0
OSSF Malicious Packages
added 2022/05/31 1:14 p.m., 5 views

Malicious code in react-devtools-release-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ea7f251efb5b52e9221271c637b06b4d48a22a5c0e762a8723498050b5adf80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
added 2022/05/31 1:13 p.m., 2 views

Malicious code in ceye-test-0001 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e6c92b162c66b57e82aeff6cb8f48d5f03b4aa264ae009c99139ad5261e520e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
ThreatPost
added 2022/05/31 11:38 a.m., 37 views

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...

AI score 7.3
Exploits: 0, References: 6
RedHat Linux
added 2022/05/31 9:48 a.m., 72 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.8, AI score 6.7, EPSS 0.06934
Exploits: 2, References: 7
The Hacker News
added 2022/05/31 8:30 a.m., 239 views

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...

CVSS 9.3, AI score 0.3, EPSS 0.99945
Exploits: 33
Microsoft Secure
added 2022/05/27 4:0 p.m., 29 views

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

AI score 7.2
Exploits: 0
NVD
added 2022/05/26 7:15 p.m., 17 views

CVE-2022-26725

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector...

CVSS 5.3, EPSS 0.00745
Exploits: 0, References: 1