12 matches found
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge CAPTCHA. The lure is design...
Open redirect
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...
Qsmart Next Cross-Site Scripting Vulnerability
Qsmart Next is a free smartphone application from Qsmart Inc. A security vulnerability exists in Qsmart Next version v4.1.2, which can be exploited by an attacker to inject malicious scripts into other benign and trusted websites...
Cross-site Scripting (XSS) - Reflected in tsolucio/corebos
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept. // PoC.js Link --...
Cross-site Scripting (XSS) - Reflected in opensourcepos/opensourcepos
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC POST Request: https://demo.opensourcepos.org/messages/send/ Data:...
Cross-site Scripting (XSS) - Stored in zikula/core
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites 🕵️♂️ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/blocks/admin/block/edit/2 2- Go to Editor and link a test word with a link As...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites 🕵️♂️ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2- inject this...
PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage
Certain invalid URL entries contained in an External Dynamic List EDL cause the Device Server daemon devsrvr to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall...
PT-2020-20819 · Apple · Macos Catalina +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 Description: A certificate validation issue existed when processing...
New Google Chrome mobile phishing scam can steal private data
By Uzair Amir Google Chrome’s mobile browser has been targeted with a relatively simple phishing technique by developer Jim Fisher. According to Fisher, the exploit involves tricking victims into handing over their private information by manipulating the trusted websites of the user. By using a...
[SECURITY] Fedora 28 Update: mozilla-noscript-10.1.9.6-1.fc28
The NoScript Firefox extension provides extra protection for Firefox. It allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted web sites of your choice e.g. your online bank and additionally provides Anti-XSS protection...
Microsoft Internet Explorer (IE) permits modification of URL displayed in address bar
Overview A vulnerability exists in Microsoft Internet Explorer which could enable an attacker to spoof trusted web sites. Description A vulnerability exists in Microsoft Internet Explorer. This vulnerability could enable a web page to display the URL from a different web site in the IE...