CVE-2021-33371

A stored cross-site scripting XSS vulnerability in /navbaraction.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box...

PT-2022-10231 · Unknown · Student Management System

Name of the Vulnerable Software and Affected Versions: Student Management System version 1.0 Description: A stored cross-site scripting XSS issue in the "/nav bar action.php" API endpoint allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box...

WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi

Title: WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi Author: nu11secur1ty Date: 07.11.2022 Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...

CVE-2020-21405

An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk...

CVE-2020-21406

An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service...

Design/Logic Flaw

An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk...

Denial of service

An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service...

CVE-2020-21406

An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service...

CVE-2020-21406

The CVE-2020-21406 vulnerability affects RK Smart TV Box MAX and V88 SmartTV box. It allows a denial-of-service via the switchNextDisplayInterface service. According to the initial records, the issue has a CVSS v3.1 base score of 7.5 (Network, no authentication, low complexity, high impact on ava...

CVE-2020-21405

CVE-2020-21405 affects H96 Smart TV Box H96 Pro Plus. The issue allows an attacker to corrupt files via calls to the saveDeepColorAttr service. Root cause details are not provided in the supplied documents. CVSS v3.1 base score 7.5 (HIGH), vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Exploitation...

CVE-2020-21405

An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk...

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

Design/Logic Flaw

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

RK Smart TV Box MAX和V88 SmartTV Box 安全漏洞

The Amazon RK Smart TV Box and V88 SmartTV Box are both set-top boxes from Amazon.com, Inc. A security vulnerability exists in the RK Smart TV Box MAX and V88 SmartTV Box that originated from a vulnerability that allows an attacker to cause a denial of service via the switchNextDisplayInterface...

H96 Smart TV Box 资源管理错误漏洞

H96 Smart TV Box is a set-top box from H96. A security vulnerability exists in H96 Smart TV Box where an attacker can corrupt files by calling saveDeepColorAttr service.unk...

PT-2022-22402 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Passage Drive versions v1.4.0 to v1.5.1.0 Passage Drive for Box version v1.0.0 Description: The issue is related to insufficient data verification for interprocess communication, which can be exploited by running a malicious program. This...

Malicious Package

Overview monash-college-combo-box is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

WordPress Visual Slide Box Builder 3.2.9 SQL Injection

Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi Author: nu11secur1ty Date: 07.11.2022 Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...