Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

Read Time:20 Second

Posted by David Fifield on Feb 01

I tested a few more times, and it appears the text injection has
disappeared.

These are timestamps when I tested, with offsets relative to the initial
discovery.

+0h 2025-01-28 03:00 initial discovery
+5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works
(https://archive.is/DD9xB)
+14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works
(no archive)
+45h…

USN-7337-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled Office URI Schemes. If a user or automated system were tricked into opening...

March 10, 2025

USN-7299-2: X.Org X Server vulnerabilities

USN-7299-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS....

March 10, 2025

thunderbird-128.8.0-1.fc41

FEDORA-2025-bd6664e83b Packages in this update: thunderbird-128.8.0-1.fc41 Update description: Update to 128.8.0 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/ https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/ Read More

March 10, 2025

thunderbird-128.8.0-1.fc42

FEDORA-2025-0f70bc6306 Packages in this update: thunderbird-128.8.0-1.fc42 Update description: Update to 128.8.0 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/ https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/ Read More

March 10, 2025

thunderbird-128.8.0-1.fc40

FEDORA-2025-4b50cd66a5 Packages in this update: thunderbird-128.8.0-1.fc40 Update description: Update to 128.8.0 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/ https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/ Read More

March 10, 2025

ZDI-25-114: Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required...

March 10, 2025

UK AI Research Under Threat From Nation-State Hackers

Switzerland Mandates Cyber-Attack Reporting for Critical Infrastructure

Thousands of WordPress Websites Infected with Malware

Texas Developer Convicted After Kill Switch Sabotage Plot

Number of Unauthorized Cobalt Strike Copies Plummets 80%

Feds Link $150M Cyberheist to 2022 LastPass Hacks

Friday Squid Blogging: Squid Loyalty Cards

Prevent, Detect, Contain: LevelBlue MDR’s Guide Against Black Basta Affiliates’ Attacks

Rayhunter: Device to Detect Cellular Surveillance

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

USN-7337-1: LibreOffice vulnerability

USN-7299-2: X.Org X Server vulnerabilities

thunderbird-128.8.0-1.fc41

thunderbird-128.8.0-1.fc42

thunderbird-128.8.0-1.fc40

ZDI-25-114: Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability