65 matches found
CVE-2019-15436
The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...
Code injection
The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...
CVE-2019-15436
The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...
CVE-2019-15436
The CVE pertains to Samsung A8+ (jackpot2ltexx/jackpot2lte:8.0.0 Release) where a pre-installed component in com.samsung.android.themecenter can be invoked by other pre-installed apps to install software. The surface requires signatureOrSystem permissions and is exploitable by any pre-installed a...
Arbitrary File Read Vulnerability in Zhiyuan A8-V5
Zhiyuan A8-V5 is a collaborative office platform that realizes efficient business management of enterprises. Zhiyuan A8-V5 has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
Remote Command Execution Vulnerability in Zhiyuan A8+ Collaboration Management Software
Zhiyuan Internet is a provider of collaboration management software and cloud services in China, specializing in the field of collaboration management software. A remote command execution vulnerability exists in Zhiyuan A8+ collaboration management software. An attacker can Getshell the target...
Beckhoff CX9020-011T Industrial Computer Detection
Binary data 763526.prm...
Rockwell Automation 1715-A8 Chassis
Binary data 753634.prm...
Google Allo Denial Of Service
Google Allo - Denial of Service, 0day My + Discovered by: KnocKout Greetz: Ne0-h4ck3r, BARCOD3, Septemb0x Contact : [email protected] - http://cyber-warrior.org Software info |Application : Google Allo |Affected Version : Latest version as of 03.12.2018 |Developer : http://www.google.com...
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...
a8.fandal.cz XSS vulnerability
Open Bug Bounty ID: OBB-594351 Description| Value ---|--- Affected Website:| a8.fandal.cz Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
WAGO PFC 200 SERIES Multiple Vulnerabilities
Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...
eservice.gov.bd XSS vulnerability
Open Bug Bounty ID: OBB-442714 Description| Value ---|--- Affected Website:| eservice.gov.bd Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
Weak Password Vulnerability in Some Users of Zhiyuan Synergy A8 System
Zhiyuan A8 system is an OA office management software. A weak password vulnerability exists in some users of Zhiyuan Synergy A8 system. An attacker is allowed to utilize the weak password 123456 to log in to the system background and obtain administrator privileges...
Zhiyuan A8-V5 co-management system universal password vulnerability
No description provided by source...
致远A8协同系统存在任意用户密码修改漏洞(秒改)
简要描述: 不仅仅修改密码,还可以禁用、删除、添加用户 上传下载文件等等 详细说明: 协同系统的一些接口如下: 1.2 验证服务 服务名称:authorityService WSDL:http://host:port/seeyon/services/authorityService?wsdl 1.2.1 登录验证 ... 身份验证令牌实体(UserToken) ... 身份验证 使用用户名和密码进行身份验证。 用户名不能更改,必须使用 ,缺省密码为...
WordPress Sender 0.7 Cross Site Scripting / Cross Site Request Forgery Vulnerabilities
Exploit for php platform in category web applications WordPress Sender 0.7 Cross Site Scripting / Cross Site Request Forgery Vulnerabilities Plugin Name : Sender Effected Version : 0.7 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula...
用友致远A8协同管理软件 status.jsp 敏感信息泄漏
致远A8-m协同管理软件,是一套可以帮助大型组织、集团型企业、政府单位以及涉外组织,解决上述问题的协同办公管理软件。 漏洞分析: 致远A8-m协同管理软件对敏感文件的访问控制不当导致大量敏感信息泄漏。 漏洞利用: http://x.x.x.x/seeyon/management/status.jsp 该地址为性能监控后台,存在未授权访问...
致远A8-V5协同管理软件日志信息泄露
致远A8-V5日志信息泄露,包括UC认证信息和ctp信息,ctp日志内含有密码信息一、ctp信息泄露包含系统内运行信息,如某某用户登录,某某用户操作功能等等http://a8v51.seeyon.com/seeyon/logs/ctp.log可以利用此处泄露信息获取系统内大量账户信息,包括密码信息二、UC认证信息泄露,包括token等信息http://a8v51.seeyon.com/seeyon/logs/uc.log如果UC配置在互联网或者本地恶意员工利用可以劫持UC登录。...
致远A8-V5存在任意用户密码修改漏洞
简要描述: 致远A8-V5存在两个漏洞 一是无视验证码撞库 二是任意用户密码修改 详细说明: 一是无视验证码撞库 致远A8-V5在设计时存在逻辑错误,用户修改密码时对原密码进行了验证,但是验证使用的服务存在未授权访问漏洞,系统对非合法请求的原密码验证功能进行回应,导致了无视验证码,无需login页面进行密码尝试 二是任意用户密码修改 致远A8-V5在设计时存在逻辑错误,在上一步对原始密码进行验证后,下一步不再检测原始密码,从而直接修改用户密码,导致平行权限的越权漏洞。 漏洞证明: 一是无视验证码撞库 POST穷举用户和密码代码如下 GET...