
42 matches found

ATTACKERKB
added 2022/12/22 12:0 a.m. | 59 views

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...

CVSS 9.6 | AI score 8.9 | EPSS 0.02349
In wild | Exploits 1 | References 3

Prion
added 2021/09/10 4:15 a.m. | 15 views

Design/Logic Flaw

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...

CVSS 4.3 | AI score 6.3 | EPSS 0.00685
Exploits 0 | References 1 | Affected Software 3

Veracode
added 2020/03/18 3:59 a.m. | 16 views

Cross-Site Scripting (XSS)

Opencart is vulnerable to cross-site scripting XSS. The attack is possible because it does not sanitize the filename argument in the image upload section of admin panel, allowing an attacker to inject malicious script and get the script executed when a user visits the Image manager section...

CVSS 5.4 | AI score 2.9 | EPSS 0.02671
Exploits 4 | References 4 | Affected Software 1

Akamai Blog
added 2020/02/19 12:9 p.m. | 17 views

Introducing Guardicore Threat Intelligence Firewall

Guardicore’s Threat Intelligence Firewall blocks connections to malicious IPs, limiting security attack surface before reaching critical assets...

AI score 7
Exploits 0

GithubExploit
added 2019/06/16 4:41 a.m. | 108 views

Exploit for Cross-Site Request Forgery (CSRF) in Bobronix Jeditor

CVE-2019-12836 !bobronixhttps://github.com/9lyph/CVE-2019-...

CVSS 8.8 | AI score 8.8 | EPSS 0.00969
Exploits 2

Hacker One
added 2018/12/03 3:53 p.m. | 77 views

Node.js third-party modules: Prototype pollution attack through jQuery $.extend

I would like to report prototype pollution in jQuery. It allows an attacker to inject properties on Object.prototype. Module module name: jquery version: 3.3.1 npm page: https://www.npmjs.com/package/jquery Module Description jQuery is a fast, small, and feature-rich JavaScript library. Module...

CVSS 4.3 | AI score 1.1 | EPSS 0.87218
Exploits 4

Cvelist
added 2018/08/13 9:0 p.m. | 21 views

CVE-2018-15123

Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home...

AI score 9.3 | EPSS 0.02442
Exploits 0 | References 1

Veracode
added 2018/06/08 3:31 a.m. | 12 views

Directory Traversal

sly07 is vulnerable to directory traversal attacks. This attack is possible by requesting a url such as /..%2f..%2fetc/passwd to get sensitive information...

CVSS 7.5 | AI score 7.3 | EPSS 0.02005
Exploits 1 | References 2 | Affected Software 1

0day.today
added 2017/09/07 12:0 a.m. | 173 views

Apache Struts 2.5 - Remote Code Execution Exploit

Exploit for linux platform in category remote exploits Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link:...

CVSS 6.8 | AI score 8.1 | EPSS 0.99461
Exploits 23

CNVD
added 2017/05/04 12:0 a.m. | 5 views

Google Android Qualcomm has an unspecified vulnerability (CNVD-2017-06759)

Android is a cell phone operating system based on the Linux open kernel. Google Android Qualcomm has a security vulnerability that allows attackers to perform security attacks...

CVSS 9.3 | AI score 6.7 | EPSS 0.0046
Exploits 0 | References 1

myhack58
added 2015/12/29 12:0 a.m. | 15 views

Seemingly tasteless ESPCMS background injected, can actually be a lot of fun-vulnerability warning-the black bar safety net

Yesterday, the black bar safety net loophole platform exposes a ESPCMS of injection vulnerabilities, Ali cloud computing security attack and defense against a team of friends first time on the vulnerability to do an impact assessment. Did not think need to login to the backend before it can be...

AI score 0.2
Exploits 0

Hacker One
added 2015/01/09 4:26 a.m. | 30 views

X (Formerly Twitter): Fabric.io - an app admin can delete team members from other user apps

It is possible for an app admin to delete all the team members from other apps for which he doesn't have access. To reproduce the attack, create two apps and add different user roles as below, VictimApp - Aliceadmin, Alicemember HackerApp - Hackeradmin, Hackermember Before proceeding with the...

AI score 6.8
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Joomla Component com_simplefaq (catid) Blind SQL Injection Vulnerability

No description provided by source. Joomla Component comsimplefaq catid Blind Sql Injection Vulnerability ========================================================================= .:. Author : AtT4CKxT3rR0r1ST .:. Team : Sec Attack Team .:. Email : [email protected] .:. Home : www.sec-attack.com/vb .:...

AI score 7.1
Exploits 0

ThreatPost
added 2014/02/20 2:49 p.m. | 11 views

University Maryland Breach Exposes Social Security numbers

Attackers breached a University of Maryland database containing more than 300,000 student, faculty, staff, and other affiliated records on Tuesday, according to an apology issued by the university’s president, Wallace D. Loh. While it is not clear exactly how many individuals are affected by the...

AI score 1.2
Exploits 0

ThreatPost
added 2012/07/13 3:36 p.m. | 12 views

Password Leaks Continue: Billabong, NVIDIA Accounts Compromised

UPDATE: A string of high-profile hacks against online forums and companies continued on Thursday, with news that forums hosted by the technology firm NVIDIA as well as the surf-ware vendor Billabong. A document posted on the Web site codepaste.net purports to contain both administrative- and user...

AI score 1.8
Exploits 0 | References 4

OSV
added 2011/02/03 5:0 p.m. | 5 views

CVE-2009-5052

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors...

AI score 7
Exploits 0 | References 1

Packet Storm
added 2010/02/09 12:0 a.m. | 27 views

Blue Dove SQL Injection

.:. Author : HackXBack [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : Blue Dove Word Press Development .:. Bug Type : Sql Injection .:. Dork : "powered by Blue Dove Web Design" === Exploit === http://server/path/file.php?id=nullSQL...

AI score 7.4
Exploits 0

OpenVAS
added 2009/02/02 12:0 a.m. | 37 views

Fedora Core 9 FEDORA-2009-1189 (gedit)

The remote host is missing an update to gedit announced via advisory FEDORA-2009-1189. OpenVAS Vulnerability Test $Id: fcore20091189.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1189 gedit Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

CVSS 6.9 | AI score 0.2 | EPSS 0.00624
Exploits 2 | References 3

Cvelist
added 2008/09/19 6:0 p.m. | 15 views

CVE-2008-4146

Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field...

AI score 6.6 | EPSS 0.02195
Exploits 0 | References 4

Tenable Nessus
added 2005/02/08 12:0 a.m. | 36 views

PerlDesk kb.cgi view Parameter SQL Injection

The remote host is running PerlDesk, a web-based helpdesk application written in Perl. The remote version of this software has several SQL injection vulnerabilities, that could allow an attacker to execute arbitrary SQL statements on the remote database. %NASLMINLEVEL 70300 C Tenable Network...

CVSS 7.5 | AI score 6.2 | EPSS 0.02447
Exploits 1 | References 1