
3357 matches found

Cvelist
added 2024/11/04 12:37 p.m., 18 views

CVE-2024-9147 HTML Injection in Bna Informatics' PosPratik

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...

6.9 CVSS, 0.00235 EPSS
Exploits 0, References 2
Vulnrichment
added 2024/11/04 12:37 p.m., 11 views

CVE-2024-9147 HTML Injection in Bna Informatics' PosPratik

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...

6.9 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits 0, References 2
CNNVD
added 2024/11/04 12:00 a.m., 2 views

Bna Informatics PosPratik security vulnerability

Bna Informatics PosPratik is an application from Bna Informatics, Inc. A security vulnerability exists in Bna Informatics PosPratik versions prior to v3.2.1, which stems from improper neutralization of script-related HTML tags in web pages, allowing cross-site scripting attacks via HTTP query...

6.9 CVSS, 6 AI score, 0.00235 EPSS
Exploits 0, References 1
Positive Technologies
added 2024/11/04 12:00 a.m., 2 views

PT-2024-39456 · Bna Informatics · Pospratik

Name of the Vulnerable Software and Affected Versions: Bna Informatics PosPratik versions prior to 3.2.1 Description: A Basic XSS vulnerability is found in Bna Informatics PosPratik, which fails to neutralize script-related HTML tags properly. This allows XSS through HTTP query strings...

6.9 CVSS, 6.1 AI score, 0.00235 EPSS
Exploits 0, References 5
NVD
added 2024/11/01 4:15 p.m., 18 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

5.7 CVSS, 0.00221 EPSS
Exploits 0, References 1
Rapid7 Blog
added 2024/11/01 1:00 p.m., 14 views

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence (CTI) is fairly well-understood, analysts may overlook less well-known data...

7.3 AI score
Exploits 0
CNNVD
added 2024/11/01 12:00 a.m., 4 views

Altai IX500 security vulnerability

Altai IX500 is an indoor wireless access point from Altai. A security vulnerability exists in Altai IX500. An attacker could exploit the vulnerability to obtain sensitive information such as user credentials, system configuration, database connection strings, etc., which could lead to data leakag...

5.7 CVSS, 6.3 AI score, 0.00221 EPSS
Exploits 0, References 1
CVE
added 2024/11/01 12:00 a.m., 61 views

CVE-2024-51399

The CVE-2024-51399 entry concerns Altai IX500 Indoor 22 802.11ac Wave 2 AP. Reported behavior: after login, background file reads can disclose sensitive data (user credentials, system configuration, database connection strings). Documented impact: potential data breach/identity theft. Connected s...

5.7 CVSS, 6.5 AI score, 0.00221 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/11/01 12:00 a.m., 12 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

6.7 AI score, 0.00221 EPSS
Exploits 0, References 1
Positive Technologies
added 2024/11/01 12:00 a.m., 3 views

PT-2024-34619 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap

Name of the Vulnerable Software and Affected Versions: Altai IX500 Indoor 22 802.11ac Wave 2 AP affected versions not specified Description: The issue allows attackers to obtain sensitive information such as user credentials, system configuration, and database connection strings after login, due ...

5.7 CVSS, 6.6 AI score, 0.00221 EPSS
Exploits 0, References 5
Positive Technologies
added 2024/11/01 12:00 a.m., 1 views

PT-2024-29547 · Ibm · Ibm Txseries For Multiplatforms

Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 10.1 Description: The issue allows an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request, which could be obtained using man-in-the-middle technique...

5.9 CVSS, 6.3 AI score, 0.00339 EPSS
Exploits 0, References 7
OSV
added 2024/10/28 12:57 a.m., 24 views

CVE-2024-50067 uprobe: avoid out-of-bounds memory access of fetching args

In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large,...

7.8 CVSS, 6.3 AI score, 0.00233 EPSS
Exploits 0, References 8
OpenVAS
added 2024/10/28 12:00 a.m., 8 views

Huawei EulerOS: Security Advisory for python-idna (EulerOS-SA-2024-2601)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS, 7.8 AI score, 0.0107 EPSS
Exploits 1, References 2
SUSE CVE
added 2024/10/22 2:23 p.m., 2 views

SUSE CVE-2022-48969

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration A NAPI is setup for each network sring to poll data to kernel The sring with source host is destroyed before live migration and new sring with target host is setup after live...

5.5 CVSS, 6.3 AI score, 0.0026 EPSS
Exploits 0, References 11
RedhatCVE
added 2024/10/21 2:42 p.m., 20 views

CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8 CVSS, 6.9 AI score, 0.00286 EPSS
Exploits 0, References 4
CNNVD
added 2024/10/21 12:00 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference due to improper handling of NAPI strings after a live migration...

5.5 CVSS, 6.6 AI score, 0.0026 EPSS
Exploits 0, References 8
Microsoft CVE
added 2024/10/15 12:00 a.m., 3 views

CVE-2020-27840

...

7.5 CVSS, 6.9 AI score, 0.03833 EPSS
Exploits 0
Snyk
added 2024/10/09 6:45 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interface strings for dates. An attacker can execute arbitrary scripts in the context of the user's browser by embedding malicious payloads in these messages. Details: Cross-site scripting (or XSS) is a cod...

6 CVSS, 5.5 AI score, 0.00395 EPSS
Exploits 0, References 2
OSV
added 2024/10/09 6:12 p.m., 7 views

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

6 CVSS, 6.1 AI score, 0.00395 EPSS
Exploits 0, References 5
CNNVD
added 2024/10/09 12:00 a.m., 2 views

ImportDump security vulnerability

ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that anyone who can edit wiki interface strings can embed cross-site scripting in date messages...

6 CVSS, 6.1 AI score, 0.00395 EPSS
Exploits 0, References 4