347 matches found
CVE-2022-25328 Privilege escalation through command injection in fscrypt
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
Unspecified vulnerability in livehelperchat (CNVD-2022-13348)
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A security vulnerability exists in versions prior to livehelperchat 3.92v that stems from a user control key authorization bypass. No details of the vulnerability are provided at...
CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
Siemens SINEC NMS Arbitrary File Deletion Vulnerability
SINEC NMS, a network management system from Siemens for monitoring and managing industrial networks, is vulnerable to arbitrary file deletion in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could use this vulnerability to delete arbitrary files or directories in the user control path...
Siemens SINEC NMS 路径遍历漏洞
SINEC NMS, a network management system from Siemens for monitoring and managing industrial networks, is vulnerable to arbitrary file deletion in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could use this vulnerability to delete arbitrary files or directories in the user control path...
Microsoft’s 5 guiding principles for decentralized identities
Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision: Each of us needs a digital identity we own, one which securely and privately stores...
Pet Shop Management System 1.0 Privilege Escalation / Shell Upload
!/usr/bin/python3 Exploit Title: Pet Shop Management System v1.0 - Authenticated Privilege Escalation to Remote Code Execution Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 01, 2021 Vendor Homepage:...
SES-by-oretnom23 -v1.0-SQL-Injection-bypass-Login
The SES-byoretnom23 -v1.0 is vulnerable in the application /elearning/classes/Login.php which is called from /elearning/dist/js/script.js app. The parameter username from the login form is not protected correctly and there is no security and escaping from malicious payloads. When the user is...
Stack overflow
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflo...
CVE-2021-21813
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflo...
CVE-2021-29594
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
CVE-2021-29594 Division by zero in TFLite's convolution code
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
OS Command Injection in docker-compose-remote-api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function execserviceName, cmd, fnStdout, fnStderr, fnExit uses the variable serviceName which can be controlled by users without any sanitization...
NodeBB Emoji 3.2.1 Arbitrary FIle Write
Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Date: 2021-02-01 Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME,...
Ruby: Path traversal in Tempfile on windows OS due to unsanitized backslashes
Hi team, Summary We've noticed that both arguments basename and ext of Tempfile on Windows are vulnerable to a path traversal which could allow unintentional file creating in arbitrary writable directories. Tempfile often has a user control either by basename or ext or both. PoC irbmain:029:0...
Design/Logic Flaw
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
Ring's Flying In-Home Camera Drone Escalates Privacy Worries
Ring’s newly announced robot drone – a connected device that flies around homes taking security footage – is causing privacy experts’ concerns to take off. Amazon on Thursday unveiled the Always Home Cam as part of its Ring division, which will cost $249.99 and starts shipping next year. The...
GHSA-7696-QR5Q-PG37 Malicious Package in zs-sha3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...
GHSA-JH67-3WQW-CVHR Malicious Package in js-sxa3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...
Malicious Package in js-shi3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...