Lucene search
K

3979 matches found

Huntr
Huntr
added 2022/05/05 8:34 p.m.10 views

Cross site scripting

Description 1. Login as teacher 2.Create a new assignment at https://www.rosariosis.org/demonstration/Modules.php?modname=Grades/Assignments.php&assignmenttypeid=3&assignmentid=new 3. Add this payload in discription 4. Save this assigment 5. You will see a prompt...

Exploits0
Huntr
Huntr
added 2022/05/02 8:53 a.m.10 views

Improper File Deletion

Description A student uploaded a file when submitting an assignment. Then, if a teacher deletes that assignment, the attachment is still remained on the server and if anyone has the link to that file, he can access to it to view or download it. Steps to reproduce Login to the demo environment by...

2AI score
Exploits0
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.3 views

Qualcomm 信息泄露漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits including primarily semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. An information disclosure vulnerability exists in several...

6.5CVSS5.8AI score0.00158EPSS
Exploits0References5
Imperva Blog
Imperva Blog
added 2022/04/28 12:48 p.m.18 views

API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot

Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your APIs. When a bad actor makes a completely val...

0.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.4 views

The vulnerability of the telldir function in the Perl programming language allows a hacker to cause a service failure.

The vulnerability of the telldir function in the Perl programming language is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

5CVSS7.1AI score0.08878EPSS
Exploits1References7Affected Software2
Cvelist
Cvelist
added 2022/04/26 6:45 p.m.24 views

CVE-2022-24866 Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could...

4.3CVSS4.9AI score0.00607EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/04/25 12:0 a.m.9 views

The vulnerability of Adobe Illustrator’s graphic editor, related to pointer naming errors, allows a hacker to trigger a service failure.

The vulnerability of the Adobe Illustrator graphic editor is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS5.9AI score0.01714EPSS
Exploits0References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/04/25 12:0 a.m.86 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9313)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9313 advisory. - netfilter: nftables: initialize registers in nftdochain Pablo Neira Ayuso Orabug: 34012925 CVE-2022-1016 - btrfs: unlock newly allocated extent buffe...

9CVSS7.3AI score0.88106EPSS
Exploits122References15
OSV
OSV
added 2022/04/24 8:56 p.m.9 views

GSD-2022-1001240 drm/amd/display: Call dc_stream_release for remove link enc assignment

drm/amd/display: Call dcstreamrelease for remove link enc assignment This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/04/24 8:36 p.m.10 views

GSD-2022-1000975 io_uring: abort file assignment prior to assigning creds

iouring: abort file assignment prior to assigning creds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/04/23 8:31 p.m.17 views

Mass Assignment Leading to (Limited) Password Confirmation Bypasses at UsersController

Description Hello there! Hope you are having an amazing day! 🤗 Just found out, while testing one of diaspora\ open servers, that the /user/edit endpoint has a limited case of "mass assignment", which enables an authenticated user to change their password and disable 2FA or change its secret witho...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/04/23 6:12 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS found due to long name summarize Proof of Concept 1.First, access the latest version of the demo environment. https://www.rosariosis.org/demonstration/index.php 2.Then log in with your teacher account teacher/teacher 3.After logging in, access to add an assignment. 4.Then...

0.7AI score
Exploits0References1
Veracode
Veracode
added 2022/04/20 11:43 a.m.32 views

Privilege Escalation

com.liferay.portal is vulnerable to privilege escalation. Remote authenticated attackers are able to gain access to view sensitive user information by accessing a list of sites and groups via the site membership assignment UI, due to improper validations of user permissions...

4.3CVSS5.8AI score0.00697EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.7 views

The vulnerability in the web interface of the Cisco Identity Services Engine, which allows a perpetrator to disclose protected information

The vulnerability of the Cisco Identity Services Engine’s network policy management web interface is related to the improper assignment of privileges. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

6.8CVSS6.5AI score0.0097EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/04/19 1:15 p.m.13 views

Code injection

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI...

4CVSS4.4AI score0.00697EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2022/04/14 4:15 p.m.19 views

CVE-2022-22189

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration CSO allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects:...

7.8CVSS0.00225EPSS
Exploits0References1
Prion
Prion
added 2022/04/14 4:15 p.m.21 views

Design/Logic Flaw

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration CSO allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects:...

7.2CVSS7.5AI score0.00225EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/14 3:50 p.m.23 views

CVE-2022-22189 Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration CSO allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects:...

7.3CVSS7.8AI score0.00225EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/04/14 12:0 a.m.5 views

The vulnerability of the avi.c component of the VLC Media Player allows a hacker to cause a service failure.

The vulnerability of the avi.c component of the VLC Media Player media player is related to pointer assignment errors. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

7.8CVSS7.5AI score0.01811EPSS
Exploits0References5Affected Software3
Prion
Prion
added 2022/04/12 9:15 a.m.11 views

Code injection

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local...

7.2CVSS8.2AI score0.00234EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder