36 matches found
Design/Logic Flaw
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...
Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store.
Lines of code Vulnerability details Impact Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store. If data store is using custom logic that doesn't...
CVE-2020-14117
A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content...
Samsung Screwed Up Encryption on 100M Phones
Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year’s Galaxy S21. Researchers at Tel Aviv University found what they called “severe” cryptographic design flaws that could have let attackers siphon the...
Xiaomi community licensing issue vulnerability
Xiaomi Community, an official user community application of Xiaomi, China, is vulnerable to an authorization issue in versions prior to 3.0.210809, which stems from the exposure of some js interfaces. An attacker could use this vulnerability to maliciously invoke sensitive functions...
CVE-2020-14130
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...
CVE-2020-14130
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...
CVE-2020-14130
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...
CVE-2020-13185
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials...
CVE-2020-13185
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials...
Legal Robot: Rate limiting on Email confirmation link
Security researcher discovered a potential issue where no rate limiting was applied to sensitive functions, like email reconfirmation links...
Legal Robot: Rate limiting on password reset links
Security researcher discovered a potential issue where no rate limiting was applied to sensitive functions, like password reset links...
ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset
No description provided by source. Exploit Title: ZPanel = 10.0.1 CSRF, XSS, SQLi, Password Reset Date: 04/11/2012 Exploit Author: pcsjj Vendor Homepage: http://www.zpanelcp.com/ Version: 10.0.1 Software Link: http://sourceforge.net/projects/zpanelcp/files/latest/download Downloads: 90,382 CVE :...
Symantec Messaging Gateway 9.5.3-3 CSRF Vulnerability
No description provided by source. ======= Summary ======= Name: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator for example Release Date: 30 November 2012 Reference: NGS00263 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems...
Plone Security Bypass
The version of Plone on the remote host fails to require authentication to access several sensitive functions. Plone is built on top of Zope, which maps Python objects and their methods to URLs. Methods can have security restrictions, such as requiring a login account or a specific privilege leve...
typecho blog system store cross-site vulnerability&easy to get webshell-vulnerability warning-the black bar safety net
author:hiphop qq group:5 2 9 3 8 7 2 2 转 帖 请 附上 来源 :http://hi.baidu.com/securehiphop/blog/item/f5b3627a1768bcfc0ad187f5.html Today Wake up in the morning eat Breakfast go to download a set of blogs to look at In the admin backend post post place found to the title place the title didn't do better...