3642 matches found
WordPress Visual Slide Box Builder 3.2.9 SQL Injection Vulnerability
Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi Author: nu11secur1ty Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...
Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF
The plugin lacks a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks: https://example.com/wp-admin/admin.php?page=counter-box&id=1&action=activate...
Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF
The plugin lacks a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. PoC: https://example.com/wp-admin/admin.php?page=counter-box&id=1&action=activate...
Yokogawa Rental & Lease Passage Drive Input Validation Error Vulnerability
The Yokogawa Rental & Lease Passage Drive is a passage drive endpoint from Yokogawa Rental & Lease, Japan. An input validation error vulnerability exists in Yokogawa Rental & Lease Passage Drive that stems from insufficient data validation of Passage Drive including inter-process communication,...
JVN#23766146: Passage Drive vulnerable to insufficient data verification
Passage Drive provided by Yokogawa Rental & Lease Corporation contains an insufficient data verification vulnerability for interprocess communication (CWE-20). Impact: By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the...
Dynamic analysis of firmware components in IoT devices
Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object ...
box-mensuelle.fr Cross Site Scripting vulnerability OBB-2695436
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
DEBIAN-CVE-2021-40607
The schmboxsize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command...
Command injection
The schmboxsize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command...
UBUNTU-CVE-2021-40607
The schmboxsize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command...
GPAC Security Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 1.0.1, which originates from the schmboxsize function. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted file in the MP4Box command...
Malicious code in skale-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0fe530bb2b89b10712f8424ef8a5939bb017c13ae4895c1c889befdc2bc0df7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6139 Malicious code in skale-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0fe530bb2b89b10712f8424ef8a5939bb017c13ae4895c1c889befdc2bc0df7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in yelp-react-component-photo-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf62968b39da6c0f32085698bb319e4089bc94d8fdfd0b0474282b77a6bae114 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7311 Malicious code in yahoo-react-multi-select-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59b42c16c52333b42adb394c8784f37abd19319bd11704e6381f6c1af61d4d1c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7336 Malicious code in yelp-react-component-photo-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf62968b39da6c0f32085698bb319e4089bc94d8fdfd0b0474282b77a6bae114 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
cn.easyutil:veteran-core (=1.0.1), cn.easyutil:veteran-web (=1.0.1) +14 more potentially affected by CVE-2021-40660 via org.javadelight:delight-nashorn-sandbox (>=0.1.16 <=0.2.5)
org.javadelight:delight-nashorn-sandbox MAVEN version =0.1.16, =1.2.22, =1.1-pre-alpha-19, =1.1-pre-alpha-21, =1.1-pre-alpha-21, =1.1-pre-alpha-21, =1.1-pre-alpha-21, =1.1-pre-alpha-21, =1.1-pre-alpha-21, =1.1-pre-alpha-21, =3.2.0, =3.2.0, =1.0.6, =0.1.0, =0.1.2 and more Source cves: CVE-2021-406...
Design/Logic Flaw
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...
THOMSON TCW710 Cross-Site Scripting Vulnerability
The THOMSON TCW710 is a set-top box from THOMSON Canada. A security vulnerability exists in the THOMSON TCW710 ST5D.10.05 version, which originates from an unknown section of the file /goform/RgDhcp. A remote attacker can exploit the vulnerability to cause a stored cross-site scripting attack usi...
HUAWEI HarmonyOS has an unspecified vulnerability (CNVD-2022-66176)
HUAWEI HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. A security vulnerability exists in HUAWEI HarmonyOS 2.0, which stems from a post-lock pop-up box issue in the operator's custom USSD service, and could be exploited by an...