18 matches found
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...
EUVD-2023-0761
Malicious code in bioql PyPI...
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...
WWBN AVideo Operating System Command Injection Vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo versions prior to 12.4. An attacker can exploit the vulnerability to execute arbitrary code via the video link field to embed video link functionality...
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...
Command Injection
wwbn/avideo is vulnerable to Command Injection. The vulnerability exists because security.php does not escape shell characters, allowing an attacker to inject and execute malicious commands when embedding a video link...
AVideo contains Command injection when embedding a video link
Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the My Videos tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. ?whoami then click Save This issue has been resolved in comm...
CVE-2022-2936
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Image Hover Effects Ultimate < 9.8.0 - Authenticated Stored XSS
The plugin does not sanitise and escape the Media Image URL, Video Link, Title and Description field of an Image Hover, which could lead to Stored XSS when low privileged users are allowed to access the plugin's feature which can be set via the plugin settings...
Khan Academy: Stored 'undefined' Cross-site Scripting
Hello KhanAcademy Security Team, I'm rootbakar, I found an XSS bug on 'BIO' in the profile, I used payload XSS "/load=promptdocument.domain;"/load= prompt document.cookie; after I save it appears there is no trigger from the XSS, but when I try to change one of the values in the profile form and...
Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger
If you came across any Facebook message with a video link sent by anyone, even your friend — just don’t click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website,...
iPhone blue screen 0day vulnerability analysis: playing a video triggers a kernel denial of service - vulnerability warning - the black bar safety net
Recently, someone shared a video link in a WeChat group; when users on an Apple device click the link and the video plays, the device restarts. After the problem was found, 360NirvanTeam core member @Proteas promptly obtained samples for analysis, in a...
MyBB 1.6.12 POST Cross Site Scripting
alert/XSS/ " / document.exploit.submit;...
Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities
Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: Technicolor TC7200 - Multiple CSRF Vulnerabilities Google Dork: N/A Date: 02-01-2013 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage:...
Mac and Windows Malware Spreads Through Facebook Attack
A new attack on Facebook has been making the rounds this week, thanks in part to the social networking service’s ‘Like’ feature – and both Mac and Windows users are vulnerable. According to F-Secure’s News from the Lab blog, a Lithuanian server is dishing out the malware that appears to be...