28 matches found
EUVD-2022-33598
Malicious code in bioql PyPI...
Thorium Platform Public Availability
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thoriumlink is external, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows...
CVE-2024-5922
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2022-29240
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
CVE-2024-5922
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-5922 Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-5922 Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-5922
CVE-2024-5922 affects the Scylla lite WordPress theme. It is a stored XSS vulnerability via the url parameter in the theme’s Button shortcode, affecting all versions up to and including 1.8.3. Exploitation requires authenticated access (Contributor level or higher) and can inject scripts that exe...
WordPress Scylla lite theme <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Scylla lite versions = 1.8.3...
WordPress plugin Scylla security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Scylla lite Theme <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Scylla lite Type Theme Vulnerable versions = 1.8.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5922 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0bf32deea49e Credits Francesco Carlucci Required...
Rrgen - A Header Only C++ Library For Storing Safe, Randomly Generated Data Into Modern Containers
This library was developed to combat insecure methods of storing random data into modern C++ containers. For example, old and clunky PRNGs. Thus, rrgen uses STL's distribution engines in order to efficiently and safely store a random number distribution into a given C++ container. Installation 1...
Scylla Ad Fraud Attack on iOS and Android Users Halted by Apple and Google
By Waqas Before being removed, the Scylla ad fraud campaign used over 90 malicious apps to carry out its operation against Android and iOS users. This is a post from HackRead.com Read the original post: Scylla Ad Fraud Attack on iOS and Android Users Halted by Apple and Google...
Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme
As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 202...
CVE-2022-29240
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
Authentication flaw
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
CVE-2022-29240
The CVE-2022-29240 issue is an uninitialized memory read during LZ4 decompression of a CQL frame in Scylla. If a user supplies a forged uncompressed length, part of the decompression buffer can remain uninitialized, enabling exploitation based on privileges. Reported impacts include an authentica...
CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...