CVE-2022-36318
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...
Cross site request forgery (csrf)
daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting XSS and cross site request forgery CSRF vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in...
CVE-2022-23475 daloRADIUS full account takeover
daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting XSS and cross site request forgery CSRF vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in...
PT-2022-27310 · Unknown · Appalti & Contratti
Name of the Vulnerable Software and Affected Versions: Appalti & Contratti version 9.12.2 Description: The web application is vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the...
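The mechanism behind this entry and most of the others on this page is the same: a URL parameter is echoed into the HTML response without encoding. The following is an added, self-contained example written for this page; it is not code from Appalti & Contratti or from any other product listed here. The parameter name idPagina is borrowed from the entry above; the handler, the URL and the probe string are constructed for illustration. It shows the vulnerable reflection, the hardened version using HTML entity encoding, and the check a tester would run against a response to see whether a probe survives unencoded.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed probe: a generic reflected-XSS payload that breaks out of an
# attribute value and injects a script tag. Not taken from any advisory.
PROBE = '"><script>alert(1)</script>'

# Constructed base URL; the real application path is not part of this example.
BASE_URL = "https://example.invalid/page"


def build_url(value: str) -> str:
    """Build a request URL carrying `value` in the hypothetical idPagina parameter."""
    return BASE_URL + "?" + urlencode({"idPagina": value})


def _id_pagina(request_url: str) -> str:
    """Extract the (percent-decoded) idPagina parameter from a URL."""
    params = parse_qs(urlsplit(request_url).query)
    return params.get("idPagina", [""])[0]


def render_vulnerable(request_url: str) -> str:
    """Vulnerable pattern: the parameter is interpolated into HTML verbatim.

    A value containing `"` closes the attribute and `<` opens a new tag,
    so attacker-controlled markup becomes part of the page.
    """
    value = _id_pagina(request_url)
    return f'<input type="hidden" name="idPagina" value="{value}">'


def render_fixed(request_url: str) -> str:
    """Hardened pattern: HTML-encode the value for the attribute context.

    html.escape with quote=True turns & < > " ' into entities, so the
    value can no longer terminate the attribute or start a tag.
    """
    value = html.escape(_id_pagina(request_url), quote=True)
    return f'<input type="hidden" name="idPagina" value="{value}">'


def reflects_unencoded(response_body: str, probe: str) -> bool:
    """Tester's check: does the probe appear byte-for-byte in the response?

    A verbatim match means the metacharacters were not encoded. An encoded
    reflection (e.g. &lt;script&gt;) does not count as a finding.
    """
    return probe in response_body


if __name__ == "__main__":
    url = build_url(PROBE)
    print("vulnerable:", render_vulnerable(url))
    print("fixed:     ", render_fixed(url))
    print("vulnerable reflects probe:", reflects_unencoded(render_vulnerable(url), PROBE))
    print("fixed reflects probe:     ", reflects_unencoded(render_fixed(url), PROBE))
```

The encoding used in render_fixed is correct for a quoted attribute value and for text between tags; a parameter reflected into a JavaScript string, a URL attribute or an event handler needs the encoding appropriate to that context instead, which is why a reviewer asks where in the response a parameter lands before judging a fix.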
XSS and CSP bypass in app.diagrams.net
Description: The application reflects an input from the URL without sanitizing it. With a CSP bypass via apis.google.com it is possible to execute JavaScript code. Proof of Concept...
CVE-2022-22242
A Cross-site Scripting XSS vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all...
WordPress soledad cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language; a WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Soledad theme prior to 8.2.5, which stems from its failure to sanitize a certain parameter, an...
WordPress Cryptocurrency Pricing list and Ticker Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Cryptocurrency Pricing list and Ticker 1.5 and earlier versions have a cross-site scripting vulnerabilit...
Heimavista Rpage cross-site scripting vulnerability
Heimavista Rpage is a content management system from the Chinese company Heimavista. A cross-site scripting vulnerability exists in versions of Heimavista Rpage prior to v5.4.103, which stems from insufficient filtering of the platform's web URLs that allows an unauthenticated, remote attacker to...
Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses
Okay, it's an obscure threat. But people are researching it: "Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam." That corresponds to 2...
CVE-2022-37724
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...
CVE-2022-37724
The CVE-2022-37724 issue affects Project Wonder WebObjects, with vulnerable components in WebObjects adapters exposing Arbitrary HTTP Header injection and URL- or Header-based XSS reflection. Public records reference affected versions as 1.0 through 5.4.3 (and related advisories extend to 7.3 in ...
CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with a predefined login, password and role in the Zabbix Frontend...
PT-2022-24050 · Unknown · Project Wonder Webobjects
Name of the Vulnerable Software and Affected Versions: Project Wonder WebObjects versions 1.0 through 7.3 Description: The issue concerns Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available...
Biden Cybersecurity Executive Order: Ex-USSS Reflects
Ed Cabrera, former CISO of the US Secret Service and current Chief Cybersecurity Officer for Trend Micro, reflects on the effectiveness of Biden’s executive order and what organizations of all sizes can learn from it...
Debian dla-3090 : php-horde-turba - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3090 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3090-1 [email protected] https://www.debian.org/lts/security/...
USB “Rubber Ducky” Attack Tool
The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user's login credentials or causing Chrome to send all saved passwords to an attacker's web server. But these attacks had to ...
DotDumper: Automatically Unpacking DotNet based Malware
DotDumper: Automatically Unpacking DotNet Based Malware By Max Kersten · August 11, 2022 The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why the...
Horde Groupware Webmail <= 5.2.22 RCE Vulnerability (May 2022)
Horde Groupware Webmail is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Mozilla: Directory indexes for bundled resources reflected URL parameters
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for chrome:// URLs as source text, some parameters were reflected...