DSA-5635-1 yard – security update
Aviv Keller discovered that the frames.html file generated by YARD, a documentation generation tool for the Ruby programming language, was vulnerable to cross-site scripting. https://security-tracker.debian.org/tracker/DSA-5635-1...
SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02 SEC Consult Vulnerability Lab Security Advisory < 20240226-0 > ======================================================================= title: Local Privilege...
JetStream Smart Switch – TL-SG2210P v5.0 / Improper Access Control / CVE-2023-43318
Posted by Shaikh Shahnawaz on Mar 02 [+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r_ [Vendor] Tp-Link (http://tp-link.com) [Product] JetStream Smart...
Multiple XSS Issues in boidcmsv2.0.1
Posted by Andrey Stoykov on Mar 02 # Exploit Title: Multiple XSS Issues in boidcmsv2.0.1 # Date: 3/2024 # Exploit Author: Andrey Stoykov # Version:...
XAMPP 5.6.40 – Error Based SQL Injection
Posted by Andrey Stoykov on Mar 02 # Exploit Title: XAMPP - Error Based SQL Injection # Date: 02/2024 # Exploit Author: Andrey Stoykov #...
BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass
Posted by malvuln on Mar 02 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials
Posted by malvuln on Mar 02 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt Contact: malvuln13 () gmail com Media:...
BACKDOOR.WIN32.AUTOSPY.10 / Unauthenticated Remote Command Execution
Posted by malvuln on Mar 02 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: malvuln13 () gmail com Media:...
BACKDOOR.WIN32.ARMAGEDDON.R / Hardcoded Cleartext Credentials
Posted by malvuln on Mar 02 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt Contact: malvuln13 () gmail com Media:...
Multilaser Router – Access Control Bypass through Cookie Manipulation – CVE-2023-38946
Posted by Vinícius Moraes on Mar 02 =====[Tempest Security Intelligence - Security Advisory - CVE-2023-38946]======= Access Control Bypass in Multilaser router's Web Management Interface Author:...