KLA12495 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Portals can be...

CVE-2022-24796

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution RCE vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...

Design/Logic Flaw

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution RCE vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...

CVE-2022-24796 Remote Command Injection in RaspberryMatic

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution RCE vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

Cross site request forgery (csrf)

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

CVE-2022-23869

In RuoYi v4.7.2 WebUI, there is a privilege-check bypass in password reset: user test1 cannot reset test3’s password per permissions, yet the /system/user/resetPwd endpoint can reset test3’s password, enabling unauthorized password-reset actions.

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google Inc.V8 is one of the open source JavaScript engines. Google Chrome suffers from a resource management error vulnerability that exists due to a use-after-free error in the WebUI in Google Chrome. A remote attacker could trick a victim into visiting a...

BuilderTorCTPHPRAT.b Shell Upload

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Arbitrary File Upload - RCE Family: TorCTPHPRAT Type: WebUI MD5...

BuilderTorCTPHPRAT.b Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Insecure Credential Storage Description: The default password fo...

BuilderTorCTPHPRAT.b Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Remote Persistent XSS Family: TorCTPHPRAT Type: WebUI MD5:...

Hades RAT Web Panel Insecure Credential Storage Vulnerability

Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Insecure Credential Storage Family: Hades Type: WebUI MD5: c4cc1317aea42f7dd4a1b786c5278a24 MD5:...

Hades RAT Web Panel Cross Site Scripting Vulnerability

Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5: c4cc1317aea42f7dd4a1b786c5278a24 MD5:...

Hades RAT Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5:...

Loki RAT (Relapse) SQL Injection

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for...

Loki RAT (Relapse) SQL Injection Vulnerability

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: email protected Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for LokiRATRelapse.e...

Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: Directory Traversal - Arbitrary File Delete Description: The LokiRAT...

CosaNostra Builder WebPanel Insecure Cryptographic Storage Vulnerability

CosaNostra Builder WebPanel malware only uses straight MD5 to store passwords without any salt. Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83B.txt Contact: email protected Media: twitter.com/malvuln Threat:...