Adobe Illustrator out-of-bounds read vulnerability

Adobe Illustrator is a vector-based image creation software from Adobe, Inc. An out-of-bounds read vulnerability exists in Adobe Illustrator, which could be exploited to trick victims into opening a carefully constructed file, triggering an out-of-bounds read error and reading the contents of...

Halo 跨站脚本漏洞

Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability that originates in Halo, versions v1.0.0 through v1.4.17 latest, which is susceptible to cross-site scripting XSS stored in configuration file images that can be exploited to uploa...

Mozilla: Browser window spoof using fullscreen mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode...

The vulnerability of the `__rds_conn_create()` function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the rdsconncreate function net/rds/connection.c in the Linux operating system is related to memory release errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2022-21823

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control 2021.2 10.7.30.0 that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector...

CVE-2022-21823

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control 2021.2 10.7.30.0 that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector...

CVE-2021-23543

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...

Ivanti Workspace Control 安全漏洞

Ivanti Workspace Control RES One Workspace is a set of workspace control software from Ivanti, USA. The software includes features such as user management, application management and report management. A security vulnerability exists in versions prior to Ivanti Workspace Control 2021.2 10.7.30.0,...

Samsung Reminder App 代码注入漏洞

Samsung Reminder App is a reminder application from Samsung South Korea that comes pre-installed on Korean branded Samsung devices. The Samsung Reminder App suffers from a security vulnerability that allows an attacker to perform privileged actions by hijacking and modifying intent...

Online Railway Reservation System 1.0 - (id) SQL Injection Vulnerability

Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

Online Veterinary Appointment System 1.0 - (Multiple) SQL Injection Vulnerability

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

Online Veterinary Appointment System 1.0 SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

PT-2022-12364 · Apache · Apache Kylin

Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 2.6.6 and prior Apache Kylin versions 3.1.2 and prior Apache Kylin versions 4.0.0 and prior Description: Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In th...

Hospitals Patient Records Management System 1.0 - Account TakeOver Vulnerability

Exploit Title: Hospitals Patient Records Management System 1.0 - Account TakeOver Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...

CMSimple 5.4 - Cross Site Scripting Vulnerability

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the delete button,an...

CMSimple 5.4 - Cross Site Scripting (XSS)

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...

Hospitals Patient Records Management System 1.0 - (id) SQL Injection (Authenticated) Vulnerability

Exploit Title: Hospitalss Patient Records Management System 1.0 - 'id' SQL Injection Authenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

No surprise here: The holidays bought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...

CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...