CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...
Code injection
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...
Palo Alto Networks Cortex XSOAR Cross-Site Scripting Vulnerability
Palo Alto Networks Cortex XSOAR is a Security Orchestration, Automation and Response (SOAR) platform from Palo Alto Networks, USA. A cross-site scripting vulnerability exists in Palo Alto Networks Cortex XSOAR that allows an attacker to store persistent JavaScript exploit code that could lead to t...
AlmaLinux 8 : gnupg2 (ALSA-2020:4490)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4490 advisory. - GnuPG versions 2.1.12 - 2.2.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, informatio...
CVE-2021-4046
The mtxtNom and mtxtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks, including browser hijacking or theft of sensitive data...
Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity compa...
Improper Input Validation
org.apache.pulsar (pulsar) is vulnerable to improper input validation. The vulnerability exists due to improper access restrictions in the internalResetCursorOnPosition function in the PersistentTopicsBase.java file, which allows an attacker to bypass security and read the ledger...
The evolution of a Mac trojan: UpdateAgent’s progression
Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...
New Malware Used by SolarWinds Attackers Went Undetected for Years
The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent...
GHSA-PRFF-6J8Q-VRV7 Cross-site Scripting in microweber
A persistent XSS vulnerability exists in the checkout page, where arbitrary JavaScript can be executed via the last name field...
CVE-2021-23174
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin versions <= 4.4.6. Vulnerable parameters: &posttitle, &downloadablefileversion0...
CVE-2021-23174 WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin versions <= 4.4.6. Vulnerable parameters: &posttitle, &downloadablefileversion0...
CVE-2021-4091
A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...
389-ds-base Resource Management Error Vulnerability
389-ds-base is a highly available, fully featured, reliable and secure LDAP server implementation. It handles many of the largest LDAP deployments in the world. A resource management error vulnerability exists in 389-ds-base that stems from a double free discovered in the way 389-ds-bas...
MoonBounce: New malware deployed by APT41 in UEFI firmware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System (OS), the Basic Input Output System (BIOS) chip, and thus persists even after reinstalling your OS or formatting your hard drive...
uBidAuction 2.0.1 Cross Site Scripting Vulnerability
Document Title: uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities. Product & Service Introduction: uBidAuction is a powerful, scalable & fully-featured classic and bid auction software that lets you create the ultimate profitable online auctions...
Ametys CMS 4.4.1 Cross Site Scripting Vulnerability
Document Title: Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability. Product & Service Introduction: Build powerful and stunning websites. Whether you need an advanced corporate website, a powerful landing page, a professional blog or an event...
Ametys CMS 4.4.1 Cross Site Scripting
Document Title: Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2275. Release Date: 2022-01-12. Vulnerability Laboratory ID (VL-ID): 22...
Umbraco Persistent Password Reset Poison
The password reset component deployed within Umbraco uses the hostname supplied in the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...