Lucene search
K

140 matches found

The Hacker News
The Hacker News
added 2025/03/05 1:37 p.m.19 views

Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America

The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the...

7.9AI score
Exploits0
Debian
Debian
added 2025/01/20 2:47 p.m.8 views

[SECURITY] [DLA 4024-1] poco security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4024-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 20, 2025 https://wiki.debian.org/LTS -...

9.8CVSS7.1AI score0.00851EPSS
Exploits0
OSV
OSV
added 2025/01/20 12:0 a.m.5 views

DLA-4024-1 poco - security update

Bulletin has no description...

9.8CVSS9.4AI score0.00851EPSS
Exploits0
NVD
NVD
added 2025/01/16 8:15 p.m.8 views

CVE-2025-23689

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 through n/a...

7.1CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added 2025/01/16 8:6 p.m.61 views

CVE-2025-23689

CVE-2025-23689 describes a Stored XSS in the Blogger Image Import plugin for Blogger Image Import (WordPress). The issue arises from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected version range is from 2.1 to n/a, per the entry. The CVSS b...

7.1CVSS8.6AI score0.00303EPSS
Exploits0References1
OSV
OSV
added 2025/01/16 12:1 a.m.5 views

OSV-2025-32 UNKNOWN READ in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389754841 Crash type: UNKNOWN READ Crash state: std::1::basicstring, std::1::allocatorch Poco::Net::NTLMCredentials::parseChallengeMessage Poco::Net::HTTPNTLMCredentials::createNTLMMessage...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.3 views

PT-2025-16152 · Git +1 · Poco

Name of the Vulnerable Software and Affected Versions: Poco versions affected versions not specified Description: The software contains a crash issue related to an unknown read error occurring within the Poco::Net::NTLMCredentials::parseChallengeMessage and...

6.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.4 views

PT-2025-5024 · Unknown · Poco Blogger Image Import

Name of the Vulnerable Software and Affected Versions: Poco Blogger Image Import versions 2.1 through n/a Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables potential attacke...

7.1CVSS9AI score0.00303EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

UIOMatic 注入漏洞

UIOMatic is a tool by Tim Geyssens personal developer. It automatically generates an integrated crud UI for npoco poco based db tables. An injection vulnerability exists in UIOMatic version 5, which stems from the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r that can lead to S...

7.2CVSS5.8AI score0.00368EPSS
Exploits0References5
OSV
OSV
added 2024/11/05 12:3 a.m.8 views

OSV-2024-1272 Segv on unknown address in std::__1::ios_base::~ios_base

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371292576 Crash type: Segv on unknown address Crash state: std::1::iosbase::iosbase Poco::Net::MultipartReader::nextPart Poco::Net::MailMessage::readMultipart...

7.2AI score
Exploits0References1
NVD
NVD
added 2024/10/27 8:15 a.m.21 views

CVE-2024-10412

A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...

5.4CVSS0.00378EPSS
Exploits1References4
OSV
OSV
added 2024/10/27 8:15 a.m.4 views

CVE-2024-10412

A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...

5.4CVSS3.8AI score
Exploits0References4
Cvelist
Cvelist
added 2024/10/27 8:0 a.m.15 views

CVE-2024-10412 Poco-z Guns-Medical File Upload upload cross site scripting

A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...

5.3CVSS0.00378EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/10/27 8:0 a.m.7 views

CVE-2024-10412 Poco-z Guns-Medical File Upload upload cross site scripting

A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...

5.3CVSS6.3AI score0.00378EPSS
Exploits1References4
CVE
CVE
added 2024/10/27 8:0 a.m.47 views

CVE-2024-10412

Poco-z Guns-Medical 1.0 has a cross-site scripting (XSS) vulnerability in the File Upload component, via the upload function at /mgr/upload. The issue arises from manipulating the picture parameter. A remote attacker could exploit it; exploitation details are not provided in the available documen...

5.4CVSS4AI score0.00378EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/10/14 12:8 a.m.5 views

OSV-2024-1218 UNKNOWN READ in Poco::UTF16Encoding::queryConvert

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372765426 Crash type: UNKNOWN READ Crash state: Poco::UTF16Encoding::queryConvert Poco::TextConverter::convert Poco::Net::NTLMCredentials::parseChallengeMessage...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.4 views

PT-2024-40609 · Poco · Poco

Name of the Vulnerable Software and Affected Versions: Poco affected versions not specified Description: The issue is related to a crash caused by an unknown read. Technical details about the crash include the involvement of Poco::UTF16Encoding::queryConvert, Poco::TextConverter::convert, and...

6.8AI score
Exploits0References2
OSV
OSV
added 2024/10/13 12:11 a.m.5 views

OSV-2024-1216 Use-of-uninitialized-value in Poco::Net::NTLMCredentials::parseChallengeMessage

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372764172 Crash type: Use-of-uninitialized-value Crash state: Poco::Net::NTLMCredentials::parseChallengeMessage Poco::Net::HTTPNTLMCredentials::createNTLMMessage Poco::Net::HTTPNTLMCredentials::authenticate...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/13 12:0 a.m.3 views

PT-2024-40608 · Poco · Poco

Name of the Vulnerable Software and Affected Versions: Poco affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the Poco::Net::NTLMCredentials::parseChallengeMessage function, which is called by...

6.8AI score
Exploits0References2
OSV
OSV
added 2024/09/15 12:6 a.m.5 views

OSV-2024-1071 Use-of-uninitialized-value in Poco::Dynamic::Var::~Var

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538385 Crash type: Use-of-uninitialized-value Crash state: Poco::Dynamic::Var::Var void Poco::JSON::Object::doStringifystd::1::mapstd::1::basicstringchar, Poco::JWT::Serializer::serialize...

7.2AI score
Exploits0References1
Rows per page
Query Builder