109 matches found
Cross-site Scripting (XSS)
spatie/browsershot is vulnerable to cross site scripting. The vulnerable exists in the setUrl function in Browsershot.php which allows an external attacker to remotely obtain arbitrary local files, because the application does not validate the passed URL protocol...
PT-2022-26035 · Unknown · Browsershot
Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.2 Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...
CVE-2022-41706 Browsershot 3.57.2 - Server Side XSS to LFR via URL
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...
CVE-2022-41706 Browsershot 3.57.2 - Server Side XSS to LFR via URL
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...
CVE-2022-41706
CVE-2022-41706 affects Browsershot version 3.57.2, where the URL protocol passed to Browsershot::url is not validated. This allows an external attacker to remotely obtain arbitrary local files. The available documents describe the vulnerability and impact (remote local file access) but do not pro...
VulnCheck KEV: CVE-2022-34713
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application...
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application...
PT-2022-23374 · Obsidian · Obsidian
Name of the Vulnerable Software and Affected Versions: Obsidian versions 0.14.x through 0.15.4 Description: The issue allows remote code execution due to the use of window.open without checking the URL, specifically with the obsidian://hook-get-address protocol. This can lead to unauthorized code...
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...
CVE-2022-32271
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary loca...
Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution
A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool MSDT made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office,...
CVE-2022-30190
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
Remote code execution
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said. The remote control execution RCE flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support...
CVE-2022-30190
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability
On May 30, 2022, Microsoft Security Response Center MSRC published a blog on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool msdt in Windows. Microsoft’s advisory on CVE-2022-30190 indicates that exploitation has been detected in the wild. According to Microsof...
Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation
Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS...
VulnCheck KEV: CVE-2022-30190
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...
AlmaLinux 8 : firefox (ALSA-2022:0130)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0130 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...
AlmaLinux 8 : thunderbird (ALSA-2022:0129)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0129 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...