10 matches found

EUVD, added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-52857

Malicious code in bioql PyPI...

CVSS 8.2, AI score 6.3, EPSS 0.00085, Exploits 0, References 1
NVD, added 2025/02/04 9:15 p.m., 7 views

CVE-2024-55948

Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache; for example, the cache may have a response with missing preloaded data. This issue only affects anonymous visitors of the site. This problem...

CVSS 8.2, EPSS 0.00085, Exploits 0, References 1
CVE, added 2025/02/04 9:01 p.m., 60 views

CVE-2024-55948

CVE-2024-55948 describes an anonymous cache poisoning vulnerability in Discourse. In affected versions, an attacker can craft an XHR request to contaminate the anonymous cache, potentially causing a response with missing preloaded data and affecting only anonymous visitors. Mitigation in the prov...

CVSS 8.2, AI score 8.2, EPSS 0.00085, Exploits 0, References 1, Affected Software 1
SUSE CVE, added 2023/02/15 5:48 a.m., 2 views

SUSE CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involvin...

CVSS 2.6, AI score 8.8, EPSS 0.00289, Exploits 0, References 5
Hacker One, added 2020/08/07 5:20 a.m., 102 views

Shopify: Ability to publish a paid theme without purchasing it.

Hi, Description: I kept looking for alternatives to my report 927567 and I found another way to publish a paid theme without having to purchase it. This time the trick is to send a "ThemePublishLegacy" XHR request while the theme is being installed. Requirements: 1. Google Chrome suggested because...

AI score 6.5, Exploits 0
Veracode, added 2019/06/17 1:27 a.m., 8 views

Cross-site Scripting (XSS)

jquery-mobile is vulnerable to cross-site scripting. Lack of validation of the Content-Type header of an XHR request results in the rendering of an AJAX JSON response as HTML in a user's browser. A remote attacker is able to inject arbitrary JavaScript into a victim's browser by relying on anothe...

AI score 6.3, Exploits 0
Talos, added 2018/01/09 12:00 a.m., 102 views

Parity Ethereum Client Overly Permissive Cross-domain Whitelist JSON-RPC vulnerability

Summary: An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in the JSON-RPC interface of Parity Ethereum client version 1.7.8. An automatically sent JSON object to the JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this...

CVSS 7.5, AI score 7.5, EPSS 0.00493, Exploits 1
Hacker One, added 2016/12/09 4:27 p.m., 29 views

Ruby on Rails: CSRF header is sent to external websites when using data-remote forms

Looks like there is a regression in the fix for CVE-2015-1840 H1 report. The origin isn't being checked before adding a CSRF header to data-remote forms. I noticed this when checking out the new rails-ujs repo. Example Rails template: submit Example http://attacker.com app require "sinatra" optio...

CVSS 5, AI score 7.9, EPSS 0.00427, Exploits 2
myhack58, added 2016/01/26 12:00 a.m., 24 views

Google Finance found to have a Reflected File Download (RFD) vulnerability - vulnerability warning - the black bar safety net

Portuguese network security expert David Sopas found that Google Finance is affected by a Reflected File Download (RFD) vulnerability. I discovered this vulnerability while auditing other clients; with RFD, you need to set up a page to force the download. This Google JSON file of the...

AI score 0.4, Exploits 0
Exploit DB, added 2012/01/31 12:00 a.m., 239 views

Apache - httpOnly Cookie Disclosure

// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i content var content =...

AI score 7.4, Exploits 0