Cross site scripting

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

CVE-2022-22114 Teedy - Reflected Cross-Site Scripting (XSS) in the Search Functionality

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

Depositor can reenter contract on claim creation

Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' safeMint function. When depositing, Depositors is minting the token using safeMint, which wi...

Weak Password Requirements in Daybyday CRM

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...

Huawei HarmonyOS has an unspecified vulnerability (CNVD-2022-08345)

Huawei HarmonyOS is an operating system from Huawei, China. A security vulnerability exists in a component of Huawei HarmonyOS, which provides a microkernel-based, fully-scoped distributed operating system. An attacker can exploit the vulnerability to cause abnormal system functionality...

Injection in UserFrosting

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...

BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowi...

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5207-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5207-1 advisory. Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could us...

CVE-2022-22110

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...

borrow() function has state updates after a callback to msg.sender

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the borrow function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross functi...

In the lend() function state updates are made after the callback

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...

Trendnet AC2600 TEW-827DRU Information Disclosure Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router. Trendnet AC2600 TEW-827DRU is vulnerable to an information disclosure vulnerability that stems from a failure to properly disclose credentials for the device's smb functionality. An attacker could exploit the vulnerability to display all mb account...

CVE-2021-20160

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root...

CVE-2021-20173

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...

CVE-2021-20160

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root...

CVE-2021-20152

Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/...

CVE-2021-20153

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...

Design/Logic Flaw

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...

Command injection

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root...

CVE-2021-20173

Netgear Nighthawk R6700 router (firmware 1.0.4.120) is affected by a command-injection vulnerability in the update functionality exposed via the SOAP interface. A system update check can be triggered with preconfigured values to inject commands. Root cause: insecure handling in the update/SOAP pa...