EUVD-2024-45722
Malicious code in bioql PyPI...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the uclincludecommon function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input to this function. Remediation: A fix was pushed into the master branch but not y...
CVE-2024-51930
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IronFeet Custom URL Shortener custom-url-shorter allows Stored XSS. This issue affects Custom URL Shortener: from n/a through <= 0.3.6...
Cybersecurity Professor Faced China-Funding Inquiry Before Disappearing, Sources Say
A lawyer for Xiaofeng Wang and his wife says they are “safe” after FBI searches of their homes and Wang’s sudden dismissal from Indiana University, where he taught for over 20 years...
CVE-2024-51930
CVE-2024-51930 affects the WordPress plugin Custom URL Shortener, specifically versions
PT-2024-35063 · Unknown · Jie Wang Custom Url Shortener
Name of the Vulnerable Software and Affected Versions: Jie Wang Custom URL Shortener versions 0.3.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations...
EasySpider Security Vulnerability
EasySpider is a visual data collection and crawler software by the individual developer Naibo Wang. A security vulnerability exists in EasySpider version 0.6.2, which stems from a path traversal issue...
Exploit for CVE-2024-36527
CVE-2024-36527 PoC and Bulk Scanner...
The Justice Department Took Down the 911 S5 Botnet
The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide...
Is Your Computer Part of ‘The Largest Botnet Ever?’
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe...
TWCMS Security Vulnerability
TWCMS is an enterprise website management system from China's Tong Wang CMS (TWCMS) company. A security vulnerability exists in TWCMS version v.2.6, which stems from the presence of a cross-site scripting (XSS) vulnerability...
Dreamer CMS Authorization Issue Vulnerability
Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. An authorization issue vulnerability exists in Dreamer CMS 4.1.3 and earlier versions, which stems from an authorization issue vulnerability in the component Attachment Handler...
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact: An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size, whichever is larger. Thanks to Enze...
Ubuntu: Security Advisory (USN-6653-2)
The remote host is missing an update for the...
CVE-2023-49494
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component selectmediapostwangEditor.php...
Desdev DedeCMS Security Breach
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Zhuozhuo Network (Desdev). The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
USN-6542-1: TinyXML vulnerability
Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
Dreamer CMS Cross-Site Request Forgery Vulnerability (CNVD-2023-9571566)
Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A cross-site request forgery vulnerability exists in Dreamer CMS version v4.1.3, which originates from a failure to adequately validate whether a request is from a trusted user in the component...