4581 matches found
MAL-2024-12231 Malicious code in ccsinstaller (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3e18cda71c2919c802b866f37fc87002396540fd6d3ea3f22b7703111c247518 Installing the package downloads and installs an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
Kashipara E-learning Management System Cross-Site Scripting Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows remote attackers to execute arbitrary...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...
Malicious code in ansishade (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c34f34cc1bdc60a4851d462f058187107a8c200d06ce08295d773f351fa1749a Importing the module starts the banner function, which downloads and runs an obfuscated remote script. The package seems to be a clone of one of existing simila...
CHANGING IDExpert Cross-Site Scripting Vulnerability
CHANGING IDExpert is an authentication system based on zero trust and integrating various mechanisms such as FIDO, biometrics, MFA, etc. from China-based CHANGING. A cross-site scripting vulnerability exists in CHANGING IDExpert versions 2.5 through 2.8, which originates from incorrectly validati...
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...
PT-2024-7341 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: The vulnerability is related to insufficient validation of user input in the web-based management interface, allowing an unauthenticated, remo...
LemonLDAP::NG Security Vulnerability
LemonLDAP::NG is an open source suite of Web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG prior to version 2.19.3, which stems from a remote attacker being able to inject arbitrary Web script or HTML into the login page via a...
CVE-2024-41514
A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...
CADClick Security Vulnerability
CADClick is a software solution from CADClick, Inc. that creates interactive catalogs of 2D/3D CAD data for individual customer CAD catalogs. A security vulnerability exists in CADClick v1.11.0 and earlier versions that stems from the presence of a Reflective Cross-Site Scripting (XSS) vulnerabilit...
Veritas Data Insight Security Vulnerability
Veritas Data Insight is a Veritas solution that classifies, contextualizes, and controls unstructured data. A security vulnerability exists in Veritas Data Insight versions prior to 7.1, which stems from vulnerability to cross-site scripting attacks that allow remote attackers to inject arbitrary...
CADClick Security Vulnerability
CADClick is a software solution from CADClick, Inc. that creates interactive catalogs of 2D/3D CAD data for individual customer CAD catalogs. A security vulnerability exists in CADClick v1.11.0 and earlier versions that stems from the presence of a Reflective Cross-Site Scripting (XSS) vulnerabilit...
SUSE CVE-2024-8907
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. Chromium security severity: Medium...
VulnCheck KEV: CVE-2009-1872
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/logintowizard.cfm,...
VulnCheck KEV: CVE-2014-4535
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
MAL-2024-12237 Malicious code in cobo-custdoy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1bb6da528665b6d869e583cb594f1f0cc7e7ccaf8cc5a7a859c0db9e7fa80c19 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
Malicious code in cobo-custdy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd0d754c7d09b395a490411bfdba9006309e5227c634e9946f4612de907de0d0 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
MAL-2024-12238 Malicious code in cobo-custdy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd0d754c7d09b395a490411bfdba9006309e5227c634e9946f4612de907de0d0 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
MAL-2024-12239 Malicious code in cobo-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f1c1c4efd134e130c04178382ff3ea318301fb18b5eb6eed696c49cf64e9ad6 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...