147 matches found
CVE-2024-28421
CVE-2024-28421 affects Razor 0.8.0. The vulnerability is a SQL Injection in ChannelModel::updateapk within channelmodle.php, which could let a remote attacker escalate privileges. In confirmed third-party sources, mitigation guidance for Razor v0.8.0 includes disabling the ChannelModel::updateapk...
CVE-2024-28421
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php...
CVE-2024-28421
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php...
Razor 安全漏洞
Razor is a powerful open source mobile analytics system open-sourced by Cobub China. A security vulnerability exists in Razor version 0.8.0. A remote attacker exploited the vulnerability to escalate privileges via the ChannelModel::updateapk method in channelmodle.php...
PT-2024-22425 · Razor · Razor
Name of the Vulnerable Software and Affected Versions: Razor version 0.8.0 Description: The issue allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php. This is a SQL Injection vulnerability. Recommendations: For Razor version 0.8.0, consid...
prebid.org Cross Site Scripting vulnerability OBB-3869875
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations
Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content utilized in the sample is directly sourced from announcements...
CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...
SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority NEPRA to deliver a tailored malware called WarHawk. "The newly discovered WarHawk backdoor contains various malicio...
CVE-2022-36747
Razor v0.8.0 was discovered to contain a cross-site scripting XSS vulnerability via the function uploadchannel...
CVE-2022-36747
Razor v0.8.0 was discovered to contain a cross-site scripting XSS vulnerability via the function uploadchannel...
CVE-2022-36747
Razor v0.8.0 was discovered to contain a cross-site scripting XSS vulnerability via the function uploadchannel...
Cross site scripting
Razor v0.8.0 was discovered to contain a cross-site scripting XSS vulnerability via the function uploadchannel...
CVE-2022-36747
Razor v0.8.0 was discovered to contain a cross-site scripting XSS vulnerability via the function uploadchannel...
CVE-2022-36747
Razor v0.8.0 contains a cross-site scripting (XSS) vulnerability in the uploadchannel() function (CVE-2022-36747). The issue affects Razor version 0.8.0 and is caused by insecure handling in the uploadchannel() path, enabling attacker-controlled input to be reflected in the web context. Public re...
PT-2022-23600 · Razor · Razor
Name of the Vulnerable Software and Affected Versions: Razor version 0.8.0 Description: The issue is related to a cross-site scripting XSS vulnerability. It affects the uploadchannel function, allowing for potential exploitation. Recommendations: For Razor version 0.8.0, consider disabling the...
Razor 跨站脚本漏洞
Razor is a powerful open source mobile analytics system open-sourced by Cobub in China. A security vulnerability exists in Razor version v0.8.0, which originated from the discovery of a cross-site scripting XSS vulnerability via the function uploadchannel...
CVE-2021-44226
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there...
Antaris RazorEngine has an unspecified vulnerability
Antaris RazorEngine is an open source templating engine based on Microsoft's Razor parsing engine from Matthew Abbott, a personal developer in the U.K. Antaris RazorEngine contains a security vulnerability that could be exploited by attackers to execute arbitrary .NET code in a sandboxed...
Denial of Service Vulnerability in Razor Sports App
ThunderSpeed Sports APP client provides accurate tournament information, live scores, live animation, tournament data analysis, tournament information and other services for soccer, basketball, tennis and e-sports enthusiasts. There is a denial-of-service vulnerability in RazorSports APP, which c...