The attacker can send a malicious URL containing XSS payloads in various GET parameters, allowing them to manipulate the content of the site.
mRemoteNG configuration files can be stored in an encrypted state on disk. However, mRemoteNG versions <= v1.76.20 and <= 1.77.3-dev load configuration files in plain text into memory at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and compromise user credentials. This also bypasses the connection configuration file encryption setting.
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.
Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) attack. A vulnerability in the web interface of the application could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.
GreenShot 1.2.10 and below is vulnerable to insecure object deserialization in its custom *.greenshot format. A stream of .NET objects is serialized and insecurely deserialized when a *.greenshot file is opened with the software. On a default install, the *.greenshot file extension is associated with the program, so double-clicking a *.greenshot file will lead to arbitrary code execution.
This exploit allows an attacker to perform SQL injection in WordPress Plugin AN_Gradebook version 5.0.1 or earlier. By exploiting this vulnerability, an attacker can gain unauthorized access to the database.
The attacker can send a malicious URL containing an XSS payload to the victim, potentially allowing them to perform actions such as stealing session tokens or login credentials.
An authenticated user with file upload authority can upload a specially crafted SVG file containing a malicious JavaScript payload. When the file is accessed from the directory, the payload is executed, resulting in a cross-site scripting (XSS) attack.
The attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.