Lucene search
+L

116 matches found

OSV
OSV
added 2023/10/04 1:15 p.m.4 views

CVE-2023-4493

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the usersadmin.ghp file that affects multiple parameters such as firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip. This vulnerability allows a...

5.4CVSS5.8AI score0.00403EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2023/06/27 2:10 p.m.3 views

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain

Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. "The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/23 10:40 a.m.24 views

Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for...

7.1AI score
Exploits0
Snyk
Snyk
added 2023/05/16 12:0 a.m.2 views

Cross-site Scripting (XSS)

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient validation of the protocol in the response when processing oEmbed discovery. An attacker can inject...

6.4CVSS5.3AI score
Exploits0References2
The Hacker News
The Hacker News
added 2022/09/29 12:0 p.m.43 views

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEPMAVERICK by Securonix, also...

0.7AI score
Exploits0
OSV
OSV
added 2021/01/01 2:15 a.m.6 views

CVE-2020-35936

Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

8CVSS5.8AI score0.01651EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2020/11/16 9:47 p.m.37 views

Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack

Cybercriminals are tricking adult website visitors – including sites such as bravoporn.com and xhamster.com – in malvertising attacks that redirect victims to malicious websites serving up malware. The campaign, which is part of a larger malvertising effort dubbed “malsmoke”, has been tracked...

0.2AI score
Exploits0References12
Gitee
Gitee
added 2020/07/23 10:54 a.m.3 views

Office8570

This is a Microsoft PowerPoint presentation file .ppt that contains a malicious payload. The file is encoded with a password, and the presentation itself contains a malicious VBA Visual Basic for Applications macro that can be used to deliver a payload. The presentation contains a slide layout th...

7.2AI score
Exploits0
OSV
OSV
added 2020/07/13 7:15 p.m.5 views

CVE-2020-10989

An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter...

6.1CVSS6.6AI score0.00856EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2020/01/19 12:0 a.m.13 views

Batch-Move Posts <= 1.5 - Broken Authentication leading to Unauthenticated Stored XSS

An attacker can add a Cross-Site Scripting XSS payload remotely without any authentication. The Payload gets triggered when an Admin visits the settings page of the plugin. Edit WPScanTeam: The plugin is still affected and has been closed. PoC Vulnerable code is from lines 68 to 84. The code gets...

Exploits0Affected Software1
GithubExploit
GithubExploit
added 2019/12/12 7:58 a.m.390 views

Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax

CVE-2019-18935 Proof-of-concept exploit for a .NET JSON deser...

9.8CVSS9.3AI score0.99737EPSS
Exploits16
Gitee
Gitee
added 2018/03/27 5:36 p.m.8 views

Exploit for CVE-2017-8570

The provided repository is an exploit toolkit for CVE-2017-8570, a vulnerability in Microsoft Office PPSX files. The toolkit is designed to generate malicious PPSX files that can deliver payloads to a target system. The payloads can be either local or remote, depending on the user's preference. T...

9.3CVSS6.7AI score0.89889EPSS
Exploits14
Gitee
Gitee
added 2017/08/17 7:56 a.m.8 views

Exploit for CVE-2017-8570

PoC exploit for CVE-2017-8570. The exploit toolkit, CVE-2017-8570, is a Python script designed to generate malicious PPSX files that can deliver payloads to users. It can be used in two scenarios: delivering local payloads or remote payloads. To deliver local payloads, the script generates a...

9.3CVSS8.1AI score0.89889EPSS
Exploits14
Exploit DB
Exploit DB
added 2016/01/26 12:0 a.m.41 views

Google Android ADB Debug Server - Remote Payload Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/adb' class Metasploit3 'Android ADB Debug Server Remote Payload Execution', 'Description' = %q Writes and spawns a native payload on...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2014/07/23 8:35 p.m.13 views

Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2012/07/11 1:45 a.m.9 views

More Malware Using a Remote Payload Discovered on Google Play

Symantec is warning of new malware masquerading as two apps on Google Play that claimed up to 100,000 victims before the Trojan was removed. Both “Super Mario Bros.” and “GTA 3 Moscow City” racked up 50,000 to 100,000 downloads after being posted June 24 on Google Play. “What is most interesting...

0.8AI score
Exploits0References1
Rows per page
Query Builder