43 matches found
PT-2024-3023 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a memory boundary read and can allow an attacker to disclose protected information. There is no information provided about the estimated number of potentially affect...
Microsoft’s December 2023 Patch Tuesday Addresses One Zero-day Vulnerability
Summary: In the December Patch Tuesday release, Microsoft addressed a total of 42 CVEs, including one zero-day vulnerability. Within this range of vulnerabilities, the security update covered the typical spectrum of issues, including RCE flaws, concerns related to privilege escalation, spoofing,...
Google Pixel Competitive Conditions Issue Vulnerability
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that stems from the existence of a competitive condition that could potentially be used after a free...
Intel NUC Security Vulnerability
Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in Intel NUC. An attacker could exploit this vulnerability to cause elevation of privilege, denial of service, and information disclosure...
Unraveling the Intricate Arsenal of Stayin’ Alive Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a Chromium fi...
FRONT-RUNNING SUSCEPTIBILITY IN ADDBID()
Lines of code Vulnerability details Impact Auction.addBid is susceptible to front-running attacks. This vulnerability presents a significant risk as participants with adequate knowledge or skill could manipulate Ethereum transaction ordering to gain undue advantage, potentially compromising the...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manageteam&id=. id: CVE-2022-31980 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
Code injection
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
ctf
It is an offensive tool for reverse engineering. The repository contains a binary decompiler for a "Magic Word" challenge, which appears to be a reverse engineering exercise. The code is written in C++ and utilizes the basicstring class from the C++ Standard Library. The decompiled main function ...
Grid Solutions GE MU320E 加密问题漏洞
The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. An insufficient cryptographic strength vulnerability exists in the firmware prior to GE MU320E 04A00.1. The vulnerability stems from some aspects of the SSH server configuration file not being...
IBM Spectrum Protect Plus Clickjacking Vulnerability
IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. A clickjacking vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker can exploit this...
Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
Data Modem Buffer Overflow Vulnerability in Multiple Qualcomm Products
Qualcomm MDM9206, etc. are products of Qualcomm Incorporated, U.S.A. The MDM9206 is a central processing unit CPU product.The SDX24 is a modem.The SDA660 is a central processing unit CPU product. A buffer overflow vulnerability exists in Data Modem in multiple Qualcomm products.The vulnerability...
CVE-2013-0178
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm...
Tor: Access to local file system using javascript
Issue : Access to local file system using javascriptslightly xss on server side The browser can access the local files using iframes with a local html file. this is very normal and often used for local web development but javascript shouldn't be able to get the content of that iframe because this...
The vulnerability of the Android operating system, which allows a perpetrator to trigger a service failure or otherwise affect the system.
The vulnerability of the Audioserver component of the libeffects sub-component in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to cause service failures or otherwise affect the system...
Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=798 Android: Stack-buffer-overflow in /system/bin/sdcard There's an integer overflow issue in getnodepathlocked, which results in a buffer overflow. For all of the calling paths, this is going to overflow a stack buffer in the pare...
Adobe Flash Player Days Numbered
If there’s unanimity among security professionals in anything, it’s in their loathing of Adobe’s Flash Player. There’s yet to be an APT or exploit kit that hasn’t welcomed vulnerabilities in the development platform with open arms. And for all that misery tallied up in lost intellectual property...
OOApp Guestbook - Multiple HTML Injection Vulnerabilities
OOApp Guestbook - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/12647/info OOApp Guestbook is reportedly affected by multiple HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input. The...
SmallFTPd 1.0.3 - Remote Denial of Service
source: https://www.securityfocus.com/bid/9684/info It has been reported that SmallFTPD is prone to a remote denial of service vulnerability. This issue is due to the application failing to properly validate user input. Successful exploitation of this issue may cause the affected server to crash,...