CVE-2023-28467

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...

PT-2023-21737 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.34 Description: The issue concerns a cross-site scripting XSS flaw in the User CP module, specifically via the user email field. This allows for potential malicious script execution. Recommendations: For versions...

MyBB 跨站脚本漏洞

MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is easy to use, supports multiple languages, scalable and other features. A security vulnerability exists in MyBB versions prior to 1.8.34, which stems from a cross-site scripting...

MaxContribution check can be bypassed to give a card high voting power

Lines of code Vulnerability details Proof of Concept ReraiseETHCrowdfund tries limit the voting power of each card by doing a min/maxContribution check in claim and claimMultiple. uint96 contribution = votingPower 1e4 / exchangeRateBps; uint96 maxContribution = maxContribution; // Check that the...

Google aims to reduce data theft with app data and account deletions

Google has made multiple security improvements to the general operation of apps over the last 12 months or so. Its now a little easier to understand what apps want from you. Labels which indicate a level of trustworthiness for developers. Changes made to ensure old, abandoned apps will no longer...

CVE-2023-1078

A flaw was found in the Linux Kernel in RDS Reliable Datagram Sockets protocol. The rdsrmzerocopycallback uses listentry on the head of a list causing a type confusion. Local user can trigger this with rdsmessageput. Type confusion leads to struct rdsmsgzcopyinfo info actually points to something...

SUSE CVE-2014-4655

The sndctlelemadd function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the userctlcount value, which allows local users to cause a denial of service integer overflow and limit bypass by leveraging /dev/snd/controlCX acces...

Input validation

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...

CVE-2022-37190

CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php...

CVE-2022-39206 CI/CD Docker Escape in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

node-import `params` argument can be controlled by users without any sanitization

This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file index.js...

Session fixation

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization...

CVE-2020-7678

node-import is vulnerable to Arbitrary Code Execution: the params argument can be provided by users without sanitization and is passed to eval in index.js (line 79), affecting all versions. A PoC exists demonstrating code execution, and no fixed version is available. Practical remediation is to r...

Brave Now Lets You Customize Search Results—for Better or Worse

The privacy-focused company's new Goggles tool allows users to weed out the noise—whatever that might mean...

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an...

go-restful 安全漏洞

go-restful is a package for building REST style web services using Google Go. A security vulnerability exists in go-restful v3.8.0 and earlier, which originates from an authorization bypass via a user control key in go-restful...

Improper Neutralization of Input During Web Page Generation in Jenkins

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting XSS vulnerability exploitable by users with the ability to control job names...

GitLab Uninitialized Admin Password (HTTP) - Active Check

The remote GitLab instance is not initialized with an admin password. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2022-25328 Privilege escalation through command injection in fscrypt

The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...

Unspecified vulnerability in livehelperchat (CNVD-2022-13348)

livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A security vulnerability exists in versions prior to livehelperchat 3.92v that stems from a user control key authorization bypass. No details of the vulnerability are provided at...