CNNVD, added 2021/08/05 12:00 a.m., 3 views

SAMSUNG Mobile devices security feature issue vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security feature issue vulnerability exists in SAMSUNG Mobile devices with SMR prior to AUG-2021 Release 1, which stems from an IV reuse vulnerability in keymaste...

CVSS 5.5, AI score 6, EPSS 0.00757
Exploits 0, References 2
Huntr, added 2021/08/04 9:55 a.m., 8 views

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

Description: An attacker is able to delete any menu with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...

AI score 0.9
Exploits 0
CNVD, added 2021/08/02 12:00 a.m., 23 views

Adobe Illustrator 2021 use-after-free vulnerability (CNVD-2021-74115)

Adobe Illustrator 2021 is vector drawing software. A security vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions when handling specially crafted files. An attacker can exploit the vulnerability to read arbitrary file systems...

CVSS 5.5, AI score 6, EPSS 0.02512
Exploits 0, References 1
Hacker One, added 2021/07/27 9:40 p.m., 14 views

GitLab: Stored XSS via Mermaid Prototype Pollution vulnerability

Summary: I am continuing to investigate 1106238 and found an additional vector for prototype pollution and stored XSS. Steps to reproduce: 1. Create an issue in any repository. 2. Create a mermaid diagram with the following payload: %%init: 'proto': 'template': '' %% %%init: 'proto': 'template': '' %%...

AI score 5.9
Exploits 0
Huntr, added 2021/07/24 10:19 p.m., 8 views

Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta

Description: uniqid does not generate cryptographically secure strings; even if it did, supplying it with mt_rand would render it insecure, as an attacker would be able to gain access to a victim's account by simply knowing when they logged in. This could be used as a mass-account-takeover vector...

AI score 2.2
Exploits 0
OSV, added 2021/07/23 3:15 p.m., 2 views

CVE-2021-3159

A stored cross-site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...

CVSS 5.4, AI score 5.5, EPSS 0.0052
Exploits 1, References 1
CNNVD, added 2021/07/23 12:00 a.m., 3 views

Landray EKP cross-site scripting vulnerability

Landray EKP is an office automation solution that enables companies to easily model and manage... A cross-site scripting vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 could allow an attacker to execute arbitrary web script or HTML via a crafted...

CVSS 5.4, AI score 5.8, EPSS 0.0052
Exploits 1, References 2
OSV, added 2021/07/22 5:15 p.m., 2 views

CVE-2021-26699

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...

CVSS 5.4, AI score 5.8
Exploits 0, References 4
NVD, added 2021/07/21 3:15 p.m., 15 views

CVE-2021-2363

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 8.1, EPSS 0.00931
Exploits 0, References 1
Prion, added 2021/07/21 3:15 p.m., 17 views

Design/Logic Flaw

Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access vi...

CVSS 3.5, AI score 3.3, EPSS 0.00607
Exploits 0, References 1, Affected Software 1
NVD, added 2021/07/21 12:15 a.m., 13 views

CVE-2021-2448

Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications component: Reports. The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

CVSS 3.7, EPSS 0.00287
Exploits 0, References 1
Vulnrichment, added 2021/07/20 10:44 p.m., 7 views

CVE-2021-2433

Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase component: Web Services. Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic...

CVSS 7.5, AI score 6.6, EPSS 0.01832
Exploits 0, References 1
Debian CVE, added 2021/07/20 10:44 p.m., 23 views

CVE-2021-2424

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9, AI score 5.5, EPSS 0.02088
Exploits 0
CVE, added 2021/07/20 10:43 p.m., 67 views

CVE-2021-2371

CVE-2021-2371 affects Oracle Coherence (Core) within Oracle Fusion Middleware. Affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. An unauthenticated attacker with network access via T3/IIOP can cause the Coherence service to hang or crash (complete DoS). CVSS v3.1 base sc...

CVSS 7.5, AI score 7.1, EPSS 0.01174
Exploits 0, References 1, Affected Software 1
RedHat Linux, added 2021/07/20 10:22 p.m., 2 views

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.0061
Exploits 0, References 4
ThreatPost, added 2021/07/20 1:31 p.m., 68 views

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers also used by Samsung and Xerox, which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encry...

CVSS 7.8, AI score 7.9, EPSS 0.02902
Exploits 1, References 6
CVE, added 2021/07/15 8:01 p.m., 61 views

CVE-2021-0295

The CVE-2021-0295 issue affects Juniper Networks Junos OS on QFX10K Series switches (e.g., QFX10002/10008/10016). It's caused by DVMRP packets looping on a multi-homed ESI when VXLAN is configured, leading to a packet forwarding loop that triggers a partial DoS. Affected versions include multiple...

CVSS 6.1, AI score 6, EPSS 0.01097
Exploits 0, References 1, Affected Software 1
OSV, added 2021/07/14 2:15 p.m., 1 view

CVE-2021-33212

A cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

CVSS 5.4, AI score 5.9, EPSS 0.00745
Exploits 1, References 2
CNVD, added 2021/07/14 12:00 a.m., 30 views

Adobe Illustrator 2021 Use-After-Free Vulnerability

Adobe Illustrator 2021 is vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to a use-after-free vulnerability. An attacker could exploit this vulnerability to read arbitrary file systems...

CVSS 5.5, AI score 5, EPSS 0.01834
Exploits 0, References 1
CNVD, added 2021/07/14 12:00 a.m., 27 views

Adobe Illustrator 2021 out-of-bounds write vulnerability (CNVD-2021-55964)

Adobe Illustrator 2021 is vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to an out-of-bounds write vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 7.8, AI score 6.3, EPSS 0.0194
Exploits 0, References 1