PT-2024-10348 · Drupal · Drupal Responsive/Off-Canvas Menu

Name of the Vulnerable Software and Affected Versions: Drupal Responsive and off-canvas menu versions 0.0.0 through 4.4.3 Description: The issue is related to an Incorrect Authorization vulnerability in the Drupal Responsive and off-canvas menu, which allows for Forceful Browsing. This means that...

Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030

This module integrates the mmenu library with Drupal's menu system with the aim of having an off-canvas mobile menu and a horizontal menu at wider widths. The module doesn't respect custom node access restrictions implemented through hookENTITYTYPEaccess hooks meaning the titles of restricted nod...

SpringBlade SQL注入漏洞

SpringBlade is a microservices development platform from Blade, a Chinese company. A SQL injection vulnerability exists in SpringBlade version 4.1.0, which originates from /api/blade-system/menu/list?updatexml contains a SQL injection vulnerability...

Exploit for SQL Injection in Pricelisto Great_Restaurant_Menu_Wp

CVE-2024-38793-PoC Proof of Concept code for exploitation of C...

PT-2024-28224 · Pricelisto · Best Restaurant Menu By Pricelisto

Name of the Vulnerable Software and Affected Versions: PriceListo Best Restaurant Menu by PriceListo versions 1.4.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to...

CVE-2023-20578

A TOCTOU Time-Of-Check-Time-Of-Use in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution...

CVE-2021-46772

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service...

CVE-2021-26387

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity...

CVE-2023-20518

Incomplete cleanup in the ASP may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality...

CVE-2023-20518

Incomplete cleanup in the ASP may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality...

CVE-2021-46772

Summary: CVE-2021-46772 describes insufficient input validation in the ABL that may allow a privileged attacker with BIOS/UEFI access to tamper with SPI ROM headers, causing out-of-bounds reads/writes and memory corruption or DoS. The Connected documents provide concrete mitigation details from A...

CVE-2021-46772

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service...

CVE-2021-26387

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity...

CVE-2021-26387

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity...

CVE-2021-26387

CVE-2021-26387 describes insufficient access controls in the AMD ASP kernel that could allow a privileged attacker with access to AMD signing keys and BIOS/UEFI shell to map DRAM regions into protected areas, risking platform integrity. Public documents indicate this CVE is tracked within AMD sec...

Dolphin 7.4.2 Blind SQL Injection Vulnerability

Exploit Title: Blind SQL Injection - dolphinv7.4.2. Date: 8/2024 Exploit Author: Andrey Stoykov Version: 7.4.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/07/friday-fun-pentest-series-8-dolphinv742.html SQL Injection: Steps to Reproduce: 1. Navigate to "Builders" menu 2. Th...

CVE-2024-43113

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS 129...

CVE-2024-43113

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS 129...

CVE-2024-43113

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS 129...

UBUNTU-CVE-2024-43113

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS 129...