4 matches found
MAL-2023-4928 Malicious code in posturl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5ba6dc16a3ab58dbe4334ba56e7f3bb7724e96c55b6eca45b313eaaae98b1f60 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
phpBB 3.2.3 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' =...
Adobe SVG Viewer 3.0 postURL/getURL Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8785/info Adobe SVG Viewer ASV is prone to an issue in the implementation of the getURL and postURL methods. These methods are designed to prevent access to URIs in a foreign domain or local files. However, by using a...
Adobe SVG Viewer 3.0 - postURLgetURL Restriction Bypass
Adobe SVG Viewer 3.0 - postURLgetURL Restriction Bypass source: https://www.securityfocus.com/bid/8785/info Adobe SVG Viewer ASV is prone to an issue in the implementation of the getURL and postURL methods. These methods are designed to prevent access to URIs in a foreign domain or local files...