11967 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ibexa Ezplatform-Graphql
CVE-2022-41876 - eZ Platform user information disclosure A vu...
Time Sheets < 1.29.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Login as Admin. 2. Go to...
The price fee for fusion characters is incorrect.
Lines of code Vulnerability details Vulnerability details Price fee for fusion characters is incorrect. According to the docs Fusing To fuse a namespace NFT, the user specifies the trays and the tiles offsets within the trays to use. Note that the whole tray is always burned, even if you only use...
TIMELOCK OPTION'S DURATION AND MULTIPLIER INACCURATELY DECODED
Lines of code Vulnerability details Impact The implementation of bitwise operations, i.e. and & in decode the timelock option's duration and multiplier does not seem to return results as expected. This could affect all other variables dependent on them. Proof of Concept These affect the function...
User Rewards will be lost in case of Withdraw
Lines of code Vulnerability details Impact User loses his unclaimed rewards. If a user withdraws all of his staked tokens he won't be able to claim rewards. Proof of Concept The point is used to calculate user rewards, and when a user withdraws all of its staked tokens the point will be set to zero and...
Intrepidity <= 1.5.1 - File Upload and Option Update via CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Shopify Cross Site Scripting Vulnerability
Correspondence from Shopify declined to comment regarding newly discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, the person/tester found himself a beefy bug bounty from the same page that has been listed below, including similar functionali...
Wowza Streaming Engine Manager Login Utility
This module will attempt to authenticate to Wowza Streaming Engine via the Wowza Streaming Engine Manager web interface. Module Options msf > use auxiliary/scanner/http/wowza_streaming_engine_manager_login msf auxiliary(wowza_streaming_engine_manager_login) > show actions ...actions... msf...
Oracle Linux 8 : ol8addon (ELSA-2023-18908)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-18908 advisory. - Addresses CVE-2021-34558 - Include patch to fix CVE-2019-9741 - Fixes CVE-2019-6486 - Fixes CVE-2018-16873, CVE-2018-16874, CVE-2018-16875 - Fix...
Purchase Order Management 1.0 Cross Site Scripting
Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...
Code injection
ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGN_INJECT_BASE_ENTITLEMENTS...
CVE-2022-38738
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
PUB-A-229255400
Bulletin has no description...
MAL-2023-3033 Malicious code in esqkillramed (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8e24e78af9a114e8ff65596ec1ff04f8f51de197808200ac08e477a9ae588d26 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-2964 Malicious code in esqhttpvmurl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b110506eaac9840a464a211ec64f23d7fde95b941efb3feb7bec64d23d10aed2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-3434 Malicious code in esqstrintelsplit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 44bd8c9c505aac9a3c0174a080649b232991699c662a0bf2a4f4b7506e895a89 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5228 Malicious code in py-intelgame (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx eb511632e871dda789a0ef10c17c89b0ec71241a8287ae4344459a74a654ef87 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5288 Malicious code in py-libhttpmc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 64fa61806e69f032bf9107fa0873b97cd7311226a1b7bdb3382af641e4c9a78e EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-3233 Malicious code in esqpostlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6c4fe1c89594aa0ac9f03ba82f99cbce6d30d9e3023a45cdf22dfdb3d0302794 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-6045 Malicious code in selfencodecv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f78c01fcc92f4260482ab541769e9efbb1727207c1564ef0f3654661cfa06715 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...