96 matches found
Zoom Client for Meetings < 5.13.3 Vulnerability (ZSB-23001)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.13.3. It is, therefore, affected by a vulnerability as referenced in the ZSB-23001 advisory. - Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for...
PT-2023-7330 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.199 Microsoft Edge affected versions not specified Description: The issue is related to a type confusion in the spellcheck service of Google Chrome and Microsoft Edge, allowing a remote attacker to...
CVE-2023-22880
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitte...
Zoom Client 安全漏洞
Zoom Client is a video conferencing client application from Zoom Inc. that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.3, Zoom Rooms for Windows clients versions prior to 5.13.5, and Zoom VDI for Windows clients versions prior to 5.13.1, whic...
CVE-2023-22880
CVE-2023-22880 affects Zoom client on Windows: Zoom for Windows prior to 5.13.3, Zoom Rooms for Windows prior to 5.13.5, and Zoom VDI for Windows prior to 5.13.1. The vulnerability is an information disclosure caused by a Microsoft Edge WebView2 runtime update that sent text to Microsoft's online...
SUSE CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
SUSE CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
MGASA-2023-0049 Updated phpmyadmin packages fix security vulnerability
Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...
PT-2023-36335 · Unknown · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin affected versions not specified Description: The issue concerns a security fix for an XSS vulnerability in the drag-and-drop upload functionality. Additional bugfixes include resolving errors when configuring 2FA without XMLWriter ...
GHSA-C558-5GFM-P2R8 JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. This...
CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
PT-2022-20600 · Dspace · Dspace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11 DSpace versions prior to 6.4 Description: The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not...
Moodle Authenticated Spelling Binary RCE
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
Moodle Authenticated Spelling Binary Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Moodle Authenticated Spelling Binary RCE', 'Description' = %q Moodle allows an authenticated user to define spellcheck...
Moodle SpellChecker Path Authenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle SpellChecker Path Authenticated Remote Command Execution', 'Description' = %q Moodle allows an authenticated administrator to define...
U.S. Dept Of Defense: [HTA2] XXE on https://███ via SpellCheck Endpoint.
A full read XXE vulnerability was discovered on a website via the SpellCheck endpoint, allowing an attacker to read local files, make HTTP requests to internal applications and read the responses, steal NTLM hashes, and also completely deny service to the application...
EZSA-2019-003 XSS in eZFind spellcheck
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-003-xss-in-ezfind-spellcheck...
AutoSQLi - An Automatic SQL Injection Tool Which Takes Advantage Of Googler, Ddgr, WhatWaf And SQLMap
An Automatic SQL Injection Tool Which Takes Advantage Of DorkNet Googler, Ddgr, WhatWaf And Sqlmap. Features Save System - there is a complete save system, which can resume even when your pc crashed. - technology is cool Dorking - from the command line one dork : YES - from a file: NO - from an...
imyst.com XSS vulnerability
Vulnerable URL: http://www.imyst.com/ams/spellcheck/ASPSpellCheck.asp?fields=1/-///'/"//--...