Lucene search
+L

86 matches found

wpexploit
wpexploit
added 2023/07/24 12:0 a.m.155 views

Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

Description The plugin does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. 1. Create a new Post as a Contributor user. 2. Add the "Simple Author Box" block. 3. Intercept the request t...

4.3CVSS4.9AI score0.0043EPSS
Exploits2References1
nvd
nvd
added 2023/06/28 6:15 p.m.17 views

CVE-2023-21168

In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...

5.5CVSS5.1AI score0.00092EPSS
Exploits0References1
nvd
nvd
added 2023/06/28 6:15 p.m.21 views

CVE-2023-21170

In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.4CVSS4.3AI score0.00094EPSS
Exploits0References1
prion
prion
added 2023/06/28 6:15 p.m.11 views

Out-of-bounds

In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...

1.7CVSS5.1AI score0.00092EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/06/28 12:0 a.m.31 views

CVE-2023-21173

In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.4AI score0.00111EPSS
Exploits0References1
nvd
nvd
added 2023/06/27 3:15 p.m.30 views

CVE-2023-36000

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...

6.5CVSS6.4AI score0.0031EPSS
Exploits0References2
nvd
nvd
added 2023/05/10 3:15 p.m.44 views

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

7.5CVSS7.6AI score0.01214EPSS
Exploits2References3
nvd
nvd
added 2023/03/24 8:15 p.m.31 views

CVE-2022-20467

In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS5.1AI score0.00102EPSS
Exploits0References1
cve
cve
added 2023/03/24 12:0 a.m.87 views

CVE-2023-21044

CVE-2023-21044 relates to the Android kernel and the initialization of VendorGraphicBufferMeta. The issue is an out-of-bounds read caused by a missing bounds check in init, enabling potential local information disclosure with System execution privileges required. Exploitation is described as loca...

4.4CVSS4.3AI score0.00094EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/03/01 12:0 a.m.34 views

ASB-A-225880741

In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.5CVSS5.1AI score0.00102EPSS
Exploits0References2
openvas
openvas
added 2023/02/02 12:0 a.m.26 views

Microsoft .NET Framework Information Disclosure Vulnerability (KB5020690)

This host is missing an important security update according to Microsoft KB5020690 Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

5.8CVSS6AI score0.00747EPSS
Exploits0References1
cvelist
cvelist
added 2023/01/05 12:0 a.m.25 views

CVE-2023-22626

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...

7.5AI score0.00831EPSS
Exploits1References1
nvd
nvd
added 2022/12/21 5:15 p.m.17 views

CVE-2022-44756

Insights for Vulnerability Remediation IVR is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access...

6.5CVSS0.00402EPSS
Exploits0References1
nvd
nvd
added 2022/12/16 4:15 p.m.33 views

CVE-2022-20515

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS0.00167EPSS
Exploits0References1
nvd
nvd
added 2022/12/13 4:15 p.m.37 views

CVE-2022-20466

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...

5.5CVSS0.00104EPSS
Exploits0References1
nvd
nvd
added 2022/12/13 4:15 p.m.25 views

CVE-2022-20471

In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS0.0013EPSS
Exploits0References1
prion
prion
added 2022/12/13 4:15 p.m.20 views

Design/Logic Flaw

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

1.7CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/11/21 12:0 a.m.24 views

CVE-2022-45470 Apache Hama allows XSS and information disclosure

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed...

7.6AI score0.01238EPSS
Exploits0References2
nvd
nvd
added 2022/08/12 3:15 p.m.17 views

CVE-2022-20332

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS0.00095EPSS
Exploits0References1
cvelist
cvelist
added 2022/08/11 3:24 p.m.24 views

CVE-2022-20311

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Andro...

4.9AI score0.00089EPSS
Exploits0References1
Rows per page
Query Builder