Kim Alvefur discovered that insufficient message sender validation in
dino-im, a modern XMPP/Jabber client, may result in manipulation of
entries in the personal bookmark store without user interaction via a
specially crafted message. Additionally an attacker can take advantage
of this flaw to change how group chats are displayed or force a user to
join or leave an attacker-selected groupchat.
More Stories
SEC Consult SA-20240513-0 :: Tolerating Self-Signed Certificates in SAPĀ® Cloud Connector
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 14 SEC Consult Vulnerability Lab Security Advisory < 20240513-0 >...
TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt Contact:...
BACKDOOR.WIN32.ASYNCRAT / Arbitrary Code Execution
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt Contact:...
Re: Panel.SmokeLoader / Cross Site Request Forgery (CSRF)
Posted by malvuln on May 14 Updated and fixed a payload typo and added additional info regarding the stored persistent...
Panel.SmokeLoader / Cross Site Request Forgery (CSRF)
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt Contact:...
Panel.SmokeLoader C2 / Cross Site Scripting (XSS)
Posted by malvuln on May 14 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt Contact:...