7654 matches found
CVE-2022-25220
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...
CVE-2022-23051
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...
Code injection
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...
PeTeReport Cross-Site Scripting Vulnerability
PeTeReport is an open source application vulnerability reporting tool. Designed to assist penetration testing/red team efforts by simplifying the task of report writing and generation, PeTeReport version 0.5 contains a cross-site scripting vulnerability that stems from the software's lack of...
Citrix Provisioning Services - How To Gather CDF Traces
Starting in 1912 LTSR Citrix Provisioning Services improves on the CDF integration that kicked off in the earlier 7.0 days. This now includes the ability to natively maintain persistent rolling CDF trace logs on each PVS Server and Targets if necessary without the need for additional capture...
WordPress WordPress Persistent Login plugin <= 1.3.23 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Persistent Login plugin versions <= 1.3.23. Solution: Update the WordPress Persistent Login plugin to the latest available version (at least 2.0.0)...
Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign
Broadcom Software, an industry member of CISA's Joint Cyber Defense Collaborative (JCDC), uncovers an advanced persistent threat (APT) campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened...
WordPress WordPress Persistent Login plugin <= 1.3.23 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Persistent Login plugin versions <= 1.3.23. Solution: Update the WordPress Persistent Login plugin to the latest available version (at least 2.0.0)...
CISA warns of cyberespionage by Iranian APT “MuddyWater”
Cybersecurity agencies in the US and UK have issued a joint cybersecurity advisory (CSA) on MuddyWater, a government-sponsored Iranian advanced persistent threat (APT) actor. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the US Cyber Command Cyber...
CVE-2022-23835
The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is by design not displayed to the victim within the AOSP SMS/MMS messaging...
CVE-2022-23835
The CVE-2022-23835 issue affects Visual Voice Mail (VVM) for Android (up to 2022-02-24). A local attacker who temporarily controls an app with the READ_SMS permission can read an IMAP credentialing message that the AOSP SMS/MMS app does not display to the user, allowing persistent access to VVM d...
Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool
Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed "Bvp47" owing to numerous...
Oracle Linux 7 : 389-ds-base (ELSA-2022-0628)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0628 advisory. 1.3.10.2-15 - Bump version to 1.3.10.2-15 - Resolves: Bug 2049812 - Fix csn generator to limit time skew drift - Resolves: Bug 2048530 - CVE-2021-4091...
389-ds-base: double free of the virtual attribute context in persistent search
A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...
DEBIAN-CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...