11 matches found
K000160327: Protect your network from geopolitical uncertainty with F5
Security Advisory Description While there are many cyber-threats creating a constant need for cybersecurity efforts, history teaches us that geopolitical conflicts often generate increased cyber activity. In recent years the world has seen conflicts in Ukraine, Yemen, Iran, and elsewhere generate...
JStachio XSS vulnerability: Unescaped single quotes
Impact Description: JStachio fails to escape single quotes (') in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code (html): Set the value variable to ' onblur='alert1. (java) public class Escaping public static void mainString args Model model = ne...
CVE-2023-33962
CVE-2023-33962 (JStachio) : The vulnerability affects the JStachio Java Mustache templating engine prior to version 1.0.1, where single quotes in HTML are not escaped. This can allow an attacker to inject malicious code and potentially execute arbitrary JavaScript in the context of other users vi...
Beers with Talos Ep. #90: Hacktivism – Understanding the real-world consequences
Beers with Talos (BWT) Podcast episode No. 90 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 31, 2020. This week in BWT land, we’re discussin...
Node.js third-party modules: [dy-server2] - stored Cross-Site Scripting
I would like to report a Stored XSS in dy-server2. It allows an attacker to steal session cookies, deface the web page, and execute arbitrary JavaScript code. Module: module name: dy-server2 version: dy-server2 npm page: https://www.npmjs.com/package/dy-server2 Module Description: This is a lightweight HTTP server that can be used for file transfer and front-end project preview. Module Stats...
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting Exploit Title: 0Day Unauthenticated XSS SugarCRM Enterprise Google Dork: N/A Date: 11.08.2019 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sugarcrm.com Version: 9.0.0 Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76...
This Week in Security News: Hijacks and Healthcare
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Singapore looks into the effectiveness of virtual browsers in an attempt to reduce cyberattacks on healthcare systems. Also, cybercriminals...
Graffiti in the digital world: How hacktivists use defacement
Activists have been featured more frequently in the news lately, with marches shining the spotlight on women's rights and bringing about an end to gun violence, to name a few. However, the real world isn't the only place where activism happens. The digital realm has become a critical space for...
Hack Of PBS.org: 0Day Or Patch Forensics?
A high-profile attack on PBS, the U.S. Public Broadcasting System, was made possible by a previously unknown hole in the MoveableType content management software, according to the hacking group that claimed responsibility for the hack. However, security experts say that the hole may have been...
fuzzylime-xss.txt
Application: fuzzylime Forum Web Site: http://forum.fuzzylime.co.uk/st/front/index/ Versions: 1.01b and below Platform: linux, windows, freebsd, sun Bug: Cross site Scripting XSS Fix Available: Yes Advisory File: http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html...
ISSalert: ISS Alert: Remote IIS Index Server ISAPI Extension Buffer Overflow
Internet Security Systems Security Alert June 19, 2001 Remote IIS Index Server ISAPI Extension Buffer Overflow Synopsis: ISS X-Force is aware of a serious vulnerability that can be used to attack all recent versions of Microsoft Internet Information Server IIS. A flaw exists in ISAPI Index Server...