Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)
Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS); Date: 2021-02-25; Exploit Author: Tushar Vaidya; Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html; Software Link:...
Vulnerability in the software installer for Intel Optane DC Persistent Memory that allows an attacker to escalate privileges.
The vulnerability in the software installer for Intel Optane DC Persistent Memory, which operates on non-volatile memory, is related to improper handling of the search path. Exploiting this vulnerability can allow attackers to escalate their privileges...
Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444
Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or JavaScript via a Cross Site Scripting vulnerability in admin global setting parameters. Affected versions: 7.11.0. Fixed version: 7.11.0. This vulnerability is attributed to Stefano...
Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...
U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist
The U.S. Department of Justice (DoJ) on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The three defendants — Jon Chang Hyok, 31; Kim Il, 27; and Park Jin...
U.S. Indicts North Korean Hackers in Theft of $200 Million
The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and...
CVE-2020-24451
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-24451
The CVE-2020-24451 issue affects Intel Optane DC Persistent Memory software for Windows prior to version 1.00.00.3506. The root cause is an uncontrolled search path in the installer, enabling an authenticated local user to potentially escalate privileges. Impact is described as high confidentiali...
Browser Tracking Using Favicons
Interesting research on persistent web tracking using favicons. For those who don't know, favicons are those tiny icons that appear in browser tabs next to the page name. Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and...
Web shell attacks continue to rise
One year ago, we reported the steady increase in the use of web shells in attacks worldwide. The latest Microsoft 365 Defender data shows that this trend not only continued, it accelerated: every month from August 2020 to January 2021, we registered an average of 140,000 encounters of these threa...
OpenEMR < 5.0.2.2 Multiple Vulnerabilities
OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...
Intel Optane(TM) DC Security Vulnerability
Intel Optane(TM) DC is a software application from Intel Corporation (USA). It provides a new storage technology. A security vulnerability exists in the Intel Optane(TM) DC Persistent Memory installer for Windows, which arises from an uncontrolled search path in the installer that could allow an...
CVE-2021-25836
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory (stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contrac...
Code injection
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory (stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contrac...
CVE-2021-22499
Persistent Cross-Site Scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow a persistent XSS attack...
Nagios XI Persistent Cross-Site Scripting
A persistent cross-site scripting vulnerability exists in Nagios XI. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CentOS 8 : gnupg2 (CESA-2020:4490)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4490 advisory. - GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS (CVE-2019-13050) Note that...