Lucene search

6680 matches found

CNNVD
added 2022/03/03 12:0 a.m. | 3 views

ARM Mali GPU Buffer Error Vulnerability

ARM Mali GPUs are a family of mobile display chipsets GPUs from the British company ARM. Like other 3D display chips based on IP cores embedded technology, the Mali display chipset does not provide a display controller similar to a graphics card specifically designed to drive an LCD monitor to...

7.8 CVSS | 8 AI score | 0.01216 EPSS
Exploits 0 | References 2

CNVD
added 2022/03/01 12:0 a.m. | 22 views

Microweber logic flaw vulnerability

Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A logic flaw vulnerability exists in Microweber, which stems from an error in the business...

5.5 CVSS | 2.9 AI score | 0.00631 EPSS
Exploits 1 | References 1

Code423n4
added 2022/02/28 12:0 a.m. | 9 views

Auction DOS On The Bidding

Lines of code Vulnerability details Impact During the code review, it has been observed that if the bidder is a contract, the bidder can make the auction non-functional. Proof of Concept 1. Navigate to the following contract. 2. Auction has public function named as placeBid. 3. Example Poc steps can be...

7 AI score
Exploits 0

Tenable Nessus
added 2022/02/25 12:0 a.m. | 34 views

EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1215)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the...

4.7 CVSS | 6.4 AI score | 0.00302 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2022/02/25 12:0 a.m. | 47 views

EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1234)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the...

4.7 CVSS | 6.4 AI score | 0.00302 EPSS
Exploits 0 | References 2

Metasploit
added 2022/02/24 5:42 p.m. | 66 views

Microweber CMS v1.2.10 Local File Inclusion (Authenticated)

Microweber CMS v1.2.10 has a backup functionality. Upload and download endpoints can be combined to read any file from the filesystem. Upload function may delete the local file if the web service user has access. Module Options msf use auxiliary/gather/microweberlfi msf auxiliarymicroweberlfi sho...

7.2 CVSS | 6.7 AI score | 0.01315 EPSS
Exploits 2

Cvelist
added 2022/02/23 6:31 p.m. | 18 views

CVE-2021-43724

A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SVG file...

5.1 AI score | 0.00486 EPSS
Exploits 1 | References 1

0day.today
added 2022/02/23 12:0 a.m. | 323 views

Microweber CMS 1.2.10 Local File Inclusion Exploit

Exploit Title: Microweber CMS v1.2.10 Local File Inclusion Authenticated Exploit Author: Talha Karakumru Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/archive/refs/tags/v1.2.10.zip Version: Microweber CMS v1.2.10 Tested on: Microweber CMS v1.2.10...

7.4 AI score
Exploits 0

Exploit DB
added 2022/02/23 12:0 a.m. | 282 views

Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)

Exploit Title: Microweber CMS v1.2.10 Local File Inclusion Authenticated Date: 22.02.2022 Exploit Author: Talha Karakumru Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/archive/refs/tags/v1.2.10.zip Version: Microweber CMS v1.2.10 Tested on:...

7.4 AI score
Exploits 0

Prion
added 2022/02/18 8:15 p.m. | 14 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of...

7.5 CVSS | 9.6 AI score | 0.01866 EPSS
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2022/02/16 12:0 a.m. | 27 views

CVE-2022-24663

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. Recent assessments: Assessed Attacker Value: 0...

9.9 CVSS | 7.1 AI score | 0.01971 EPSS
In wild | Exploits 2 | References 2

Debian
added 2022/02/11 9:39 p.m. | 28 views

[SECURITY] [DLA 2918-1] debian-edu-config security update

Debian LTS Advisory DLA-2918-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 12, 2022 https://wiki.debian.org/LTS -...

9.8 CVSS | 9.5 AI score | 0.0159 EPSS
Exploits 0

Debian
added 2022/02/11 6:26 p.m. | 18 views

[SECURITY] [DSA 5072-1] debian-edu-config security update

Debian Security Advisory DSA-5072-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 11, 2022 https://www.debian.org/security/faq -...

9.8 CVSS | 9.5 AI score | 0.0159 EPSS
Exploits 0

OSV
added 2022/02/11 1:15 p.m. | 17 views

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

8.8 CVSS | 8.9 AI score
Exploits 0 | References 2

CNVD
added 2022/02/10 12:0 a.m. | 13 views

Sealevel Systems SeaConnect 370W Trust Management Issue Vulnerability

Sealevel Systems SeaConnect 370W is an Industrial Internet of Things (IIoT) edge device from Sealevel Systems, Inc. The Sealevel Systems SeaConnect 370W is vulnerable to a trust management issue stemming from a misconfiguration of the product's MQTTS functionality, which could be exploited by an...

8.1 CVSS | 3.2 AI score | 0.0083 EPSS
Exploits 1 | References 1

OSV
added 2022/02/08 11:15 a.m. | 2 views

CVE-2022-21173

Hidden functionality vulnerability in ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier...

8.8 CVSS | 7.5 AI score | 0.0044 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2022/02/08 11:15 a.m. | 3 views

CVE-2022-21173

Hidden functionality vulnerability in ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier...

8.8 CVSS | 7.5 AI score | 0.0044 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2022/02/08 11:15 a.m. | 25 views

CVE-2022-21173

Hidden functionality vulnerability in ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier...

8.8 CVSS | 0.0044 EPSS
Exploits 0 | References 2

Prion
added 2022/02/08 11:15 a.m. | 16 views

Design/Logic Flaw

Hidden functionality vulnerability in ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier...

8.3 CVSS | 8.7 AI score | 0.0044 EPSS
Exploits 0 | References 2 | Affected Software 8

Microsoft KB
added 2022/02/08 8:0 a.m. | 150 views

February 8, 2022—Hotpatch KB5010456 (OS Build 20348.525)

February 8, 2022—Hotpatch KB5010456 OS Build 20348.525 Improvements and fixes This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. If you installed earlier updates, only the new fixes contained in this packag...

9.3 CVSS | 7.5 AI score | 0.53655 EPSS
Exploits 4