Glassdoor: XSS in www.glassdoor.com

Summary: Browser: Chrome Affected URL https://www.glassdoor.com/Location/All-Tesla-Office-Locations-E43129.htm?DIFFICULT=%3E%3Csvg%20onload%3d%26%23x00000000061;%26%23x0000000006c%26%23x0000000065%26%23x0000000072%26%23x000000000741%26%230000000000000041;%20%3C%2fscript%20 Steps To Reproduce: 1. ...

Design/Logic Flaw

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...

Razy in search of cryptocurrency

Last year, we discovered malware that installs a malicious browser extension on its victim's computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the...

Morpheus - Automated Ettercap TCP/IP Hijacking Tool

Morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host... workflow: 1º - attacker - arp poison local lan...