210 matches found
Complex xss to bypass protection
Description 1.First we login as a normal user, and then comment under a question, the content of the comment is 2.Then we login as an administrator user. And find the comment we just submitted, the administrator can click the edit button.Then the administrator Click "Save edits" without any...
CVE-2022-39949
An improper control of a resource through its lifetime vulnerability CWE-664 in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...
F5 Networks BIG-IP : libxslt vulnerability (K30444545)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.8 / 16.1.4 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K30444545 advisory. - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and...
CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions
Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy...
The vulnerability of the Adobe Framemaker desktop publishing system arises from the possibility of an operation going beyond the buffer boundaries in memory. This allows a hacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Framemaker desktop publishing system lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism by using a specially created malicious file...
GLSA-202208-32 : Vim, gVim: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-32 Vim, gVim: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
ETHRegistrarController._setRecords can register invalid domains and to some degree, its possible to register any domain name
Lines of code Vulnerability details Impact 1. Register invalid domains at Registrar. 2. It's possible to register any domain name. Proof of Concept ETHRegistrarController.setRecords call function at address resolveruser input with call data bytes calldata datauser input. So it can bypass any meth...
Oracle Linux 8 : vim (ELSA-2022-5319)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5319 advisory. - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read - CVE-2022-1154 vim: use after free in utfptr2char - CVE-2022-0361 vim:...
PT-2022-22042 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.335 through 2.355 Description: The issue allows attackers in some cases to bypass a protection mechanism, directly accessing view fragments containing sensitive information and bypassing permission checks in the correspondi...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1953)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LinkedIn: The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su
example- String username = request.getParameter"username"; String password = request.getParameter"password"; int authResult = authenticateUserusername, password; the security tokens can be bypassed easily , they are dont make user account safe . //script - check attached file Impact Technical...
SSRF on /proxy
Description draw.io is vulnerable to SSRF on the /proxy endpoint. It's trivial to bypass the protections on checkUrlParameter. Proof of Concept 1. Make a request to proxy?url=http%3a//0:8080/ GET /proxy?url=http%3a//0:8080/ HTTP/1.1 Host: 127.0.0.1:8080 sec-ch-ua: "NotA:Brand";v="8",...
CVE-2022-1621
Heap buffer overflow in vimstrncpy findword in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1621
Heap buffer overflow in vimstrncpy findword in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in vim/vim
Heap buffer overflow in vimstrncpy findword in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1621
CVE-2022-1621 : A heap-based overflow in Vim's vim_strncpy find_word path (GitHub vim/vim) prior to 8.2.4919 can crash the editor, potentially modify memory, and may allow remote code execution. Connected sources confirm the same description across vendor advisories (AstraLinux and ALAS2023-2023-...
CVE-2022-1616
Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1616
Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1616 Use after free in append_command in vim/vim
Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1616 Use after free in append_command in vim/vim
Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...