device-mapper-persistent-data bug fix and enhancement update

An update is available for device-mapper-persistent-data. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, se...

CSE Bookstore 1.0 Cross Site Scripting

Exploit Title: CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting Date: 30/10/2020 Exploit Author: Vyshnav NK Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Window...

CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting

Exploit Title: CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting Date: 30/10/2020 Exploit Author: Vyshnav NK Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Window...

CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT

The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense Cyber National Mission Force CNMF have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat APT actor Turla. In...

North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn

The North Korean advanced persistent threat APT group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency CISA. Kimsuky a.k.a. Hidden Cobra has been...

CVE-2019-8809

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier...

CVE-2019-8809

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier...

CVE-2018-4339

This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier...

CVE-2018-4339

This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier...

Input validation

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service...

Design/Logic Flaw

This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier...

CVE-2018-4339

This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier...

Genexis Platinum-4410 - 'SSID' Persistent XSS

Exploit Title: Persistent XSS in SSID Date: 10/24/2020 Exploit Author: Amal Mohandas Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Vulnerability Details ====================== Genexis Platinum-4410 Home Gateway...

CVE-2020-24848

FruityWifi through 2.4 has an unsafe Sudo configuration ALL : ALL NOPASSWD: ALL. This allows an attacker to perform a system-level root local privilege escalation, allowing an attacker to gain complete persistent access to the local system...

Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting

Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting Categories Name Exploit Author: Adeeb Shah @hyd3sec Date: August 2, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version:...

WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting

Exploit Title: WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting Vulnerability Authenticated Date: 10.8.2020. Exploit Author: n1x MS-WEB Software Homepage: https://wordpress.org/plugins/wp-colorbox/ Software Link v1.1.1:...

Comtrend AR-5387un router - Persistent XSS (Authenticated)

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...

User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS

Exploit Title: User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS Google Dork: N/A Date: 2020-08-07 Exploit Author: yusufmalikul Vendor Homepage: https://phpgurukul.com Software Link:...

User Registration And Login And User Management System 2.1 Cross Site Scripting

Exploit Title: User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS Google Dork: N/A Date: 2020-08-07 Exploit Author: yusufmalikul Vendor Homepage: https://phpgurukul.com Software Link:...

CVE-2019-13633

Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for...