CVE-2021-21588
Dell EMC PowerFlex v3.5.x contains a Cross-Site WebSocket Hijacking vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...
Dell EMC PowerFlex Data Forgery Vulnerability
Dell EMC PowerFlex is an application from Dell, Inc. of the United States. The Dell PowerFlex Presentation Server has a data forgery vulnerability, which arises because the product's WebSocket in the Presentation Server/WebUI does not check user identity. An attacker could hijack the WebSocket to trick...
The vulnerability of the SharePoint Enterprise Server software, related to errors in information presentation on the user interface, allows a hacker to execute an attack using a spearphishing technique.
The vulnerability of the SharePoint Enterprise Server software is related to errors in information presentation at the user interface level. Exploiting this vulnerability could allow a malicious actor to carry out an attack using a spear-phishing technique...
Red-Kube - Red Team K8S Adversary Emulation Based On Kubectl
Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective. The commands are either passive for data collection and information disclosure or active for performing real actions that affect the cluster. The commands...
Mozilla Firefox Race Condition Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a race condition vulnerability that originates from a race condition in the Web presentation component. No detailed vulnerability details are provided a...
Mozilla Firefox Race Condition Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a race condition vulnerability that originates from a race condition in the Web presentation component. No detailed vulnerability details are provided a...
Sentry Hardware Sentry KM Security Vulnerability
Hardware Sentry KM is a hardware device view from Sentry France. It takes hardware monitoring in TrueSight to a new level by providing a dedicated view in TrueSight Presentation Server. An information disclosure vulnerability exists in Hardware Sentry KM versions prior to 10.0.01, which stems fro...
Threat Source Newsletter (April 15, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you missed our webinar last week, we've got you covered. We've uploaded an extended version to our YouTube page that includes the scripts used in the presentation. This video will show you how to reverse-engineer and... This is...
The vulnerability of the Google Chrome browser’s presentation API involves the use of a memory area after it is freed. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Google Chrome browser’s presentation API relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...
Creepy - A Geolocation OSINT Tool. Offers Geolocation Information Gathering Through Social Networking Platforms
This project is currently not maintained. I haven't put any work on it since 2016 and with the current state of the API access to Instagram and Twitter, and the default settings for their geolocation features cree.py wouldn't be of much use. I will leave the repository and site up for the time but...
Command Execution Vulnerability in Yitoa's Office Drawing Software
Yitoa Graph is a simple and easy-to-use graphical expression workbench that enables the drawing of hundreds of graphical charts in professional fields such as flowcharts, architecture diagrams, engineering diagrams, mind maps, etc., and also provides a whiteboard for brainstorming and arbitrary...
The vulnerability of the PresentationAvailabilityObserver::AvailabilityChanged method in the Sailfish Browser application of the Aurora operating system allows a perpetrator to trigger a service failure.
The vulnerability of the PresentationAvailabilityObserver::AvailabilityChanged method in the Sailfish Browser application for the Aurora operating system is related to the use of dynamic memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
January 12, 2021-KB4597249 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803
January 12, 2021-KB4597249 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 Release Date: January 12, 2021 Version: .NET Framework 4.8 Summary WPF1| - Addressed an issue with a FailFast crash arising in apps with two threads that both load application resources. ---|---...
January 12, 2021-KB4586876 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2
January 12, 2021-KB4586876 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2 Release Date: January 12, 2021 Version: .NET Framework 3.5 and 4.8 This update for Windows 10,...
Use After Free
Use after free in presentation API in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Cross site scripting
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Due to insufficient user input validation and escaping, OpenSlides version 3.2 is vulnerable to persistent cross-site scripting (XSS). In the web applicatio...
PYSEC-2020-72
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Due to insufficient user input validation and escaping, OpenSlides version 3.2 is vulnerable to persistent cross-site scripting (XSS). In the web applicatio...
The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to carry out spoofing attacks.
The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery
Exploit Title: BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery Date: 2020-09-11 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://bigbluebutton.org/ Version: BigBlueButton 2.2.25 RedTeam Pentesting discovered a vulnerability in the BigBlueButton web...
Command Execution Vulnerability in Extreme Demo 2019 (Windows Client)
Extreme Presentation 2019 is the PPT office software in the Extreme Office office suite. A command execution vulnerability exists in the Extreme Presentation 2019 Windows client. An attacker can exploit the vulnerability to execute arbitrary code...