
7654 matches found

The Hacker News
added 2022/03/21 7:15 a.m. | 44 views

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean...

AI score 0.4
Exploits: 0

Prion
added 2022/03/18 6:15 p.m. | 13 views

Cross site scripting

Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin versions <= 1.0.77.32...

CVSS 3.5 | AI score 5 | EPSS 0.00535
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/03/18 6:0 p.m. | 17 views

CVE-2021-23209 WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin versions <= 1.0.77.32...

CVSS 4.8 | AI score 5.4 | EPSS 0.00535
Exploits: 0 | References: 1

CVE
added 2022/03/18 6:0 p.m. | 83 views

CVE-2021-23209

The CVE-2021-23209 entry concerns the WordPress AMP for WP – Accelerated Mobile Pages plugin (versions ≤ 1.0.77.32). The vulnerability is multiple authenticated (admin role required) persistent cross-site scripting (XSS) vulnerabilities. The root cause details are not explicitly provided in the l...

CVSS 4.8 | AI score 5.2 | EPSS 0.00535
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/03/17 11:15 p.m. | 11 views

Privilege escalation

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the iragent.exe component, resulting in elevated rights and persistent access to t...

CVSS 7.2 | AI score 7.8 | EPSS 0.00453
Exploits: 1 | References: 2 | Affected Software: 1

Packet Storm
added 2022/03/17 12:0 a.m. | 336 views

BuilderTorCTPHPRAT.b Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Remote Persistent XSS Family: TorCTPHPRAT Type: WebUI MD5:...

AI score 7.4
Exploits: 0

CNNVD
added 2022/03/17 12:0 a.m. | 4 views

Rapid7 Insight Agent Code Issue Vulnerability

Rapid7 Insight Agent is a lightweight software from Rapid7, Inc. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.1.2.38 and prior versions, which stems from the fact that Rapid7 Insight Agent version 3.1.2.38 and prior...

CVSS 7.8 | AI score 5.6 | EPSS 0.00453
Exploits: 1 | References: 3

RedHat Linux
added 2022/03/16 3:22 p.m. | 5 views

389-ds-base: double free of the virtual attribute context in persistent search

A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.01983
Exploits: 0 | References: 4

Veracode
added 2022/03/16 8:50 a.m. | 19 views

Information Disclosure

httpie is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of cookies in persistent session allowing the cookies to be visible to all sites in that session...

CVSS 5.3 | AI score 1.4 | EPSS 0.01272
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2022/03/16 12:0 a.m. | 38 views

Oracle Linux 8 : 389-ds:1.4 (ELSA-2022-0889)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0889 advisory. 1.4.3.23-14 - Bump version to 1.4.3.23-14 - Resolves: Bug 2059893 - Paged search lookthroughlimit counter doesnt take read ahead into account - Resolves: Bug...

CVSS 7.5 | AI score 6.9 | EPSS 0.01983
Exploits: 0 | References: 2

RedHat Linux
added 2022/03/15 9:58 a.m. | 5 views

389-ds-base: double free of the virtual attribute context in persistent search

A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.01983
Exploits: 0 | References: 4

0day.today
added 2022/03/15 12:0 a.m. | 189 views

Automatic Question Paper Generator System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Automatic Question Paper Generator System 1.0 - Cross-site scripting stored Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title: ================...

AI score 7.4
Exploits: 0

0day.today
added 2022/03/15 12:0 a.m. | 185 views

Hades RAT Web Panel Cross Site Scripting Vulnerability

Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5: c4cc1317aea42f7dd4a1b786c5278a24 MD5:...

Exploits: 0

Packet Storm
added 2022/03/14 12:0 a.m. | 230 views

Automatic Question Paper Generator System 1.0 Cross Site Scripting

Exploit Title: Automatic Question Paper Generator System 1.0 - Cross-site scripting stored Date: 2022-11-03 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title:...

AI score 0.1
Exploits: 0

Packet Storm
added 2022/03/14 12:0 a.m. | 258 views

Hades RAT Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5:...

Exploits: 0

Veracode
added 2022/03/13 12:42 a.m. | 32 views

Denial Of Service (DoS)

389-ds-base is vulnerable to denial of service. The vulnerability exists due to a double-free found in the way 389-ds-base handles virtual attributes context in persistent searches allowing an attacker to crash the system by sending a series of search requests...

CVSS 7.5 | AI score 4.5 | EPSS 0.01983
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2022/03/11 11:15 p.m. | 25 views

Hardcoded credentials

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...

CVSS 7.2 | AI score 7.9 | EPSS 0.00404
Exploits: 1 | References: 4

Prion
added 2022/03/10 5:46 p.m. | 12 views

Cross site scripting

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an...

CVSS 3.5 | AI score 5.6 | EPSS 0.00628
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/03/10 5:45 p.m. | 16 views

Cross site scripting

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history...

CVSS 4.3 | AI score 6.4 | EPSS 0.00871
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/03/03 10:15 p.m. | 4 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 4.8 | AI score 5.9 | EPSS 0.00548
Exploits: 1 | References: 2