CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...

User can call liquidate() and steal all collateral due to arbitrary router call

Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...

CVE-2022-1020 Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...

WordPress plugin WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

Pear Admin Think 跨站脚本漏洞

Pear Admin Think is a rapid development platform based on thinkphp6 that allows you to quickly build your functional business with simple code generation functionality. pear Admin Think 5.0.6 and prior versions contain a cross-site scripting vulnerability that stems from the program's lack of dat...

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

Command Execution Vulnerability in Yimin Love Stocks

Yimeng love stock speculation is Yimeng efforts to create, the first support for stock speculation personality customization of lightweight stock speculation software. The EML AiShaoware has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file in...

Command Execution Vulnerability in Pleasant Book PDF Reader

Yuet Book PDF Reader is a Shenzhen Ivy Technology Co., Ltd. developed a universal PDF reader, support for PDF, pictures, PSD, office documents, programming documents, such as tens of thousands of file formats, work and study a good helper. Yuet Book PDF Reader there is a command execution...

MediaWiki 安全漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and earlier...

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Shenzhen Xunlei Network Technology Co., Ltd. Xunlei online game gas pedal has dll hijacking vulnerabilities

Xunlei online game gas pedal is Xunlei company launched a special software for the majority of online game players. Shenzhen Xunlei Network Technology Co., Ltd Xunlei online game gas pedal dll hijacking vulnerability, attackers can use the loophole in the client process to inject executable DLL...

DLL hijacking vulnerability in Mint Accelerator of Wuhan Mint Technology Co.

Mint Accelerator is a network acceleration software designed to enhance cross-region game acceleration, web browsing, music appreciation, and video viewing. Wuhan Mint Technology Co. Mint Accelerator suffers from a DLL hijacking vulnerability, which can be exploited by an attacker to inject an...

CC Live pc client software suffers from DLL hijacking vulnerability

NetEase cc live is a free voice client software launched by NetEase, it can bring the majority of online chat entertainment enthusiasts and gamers more convenient voice services. CC live pc client software DLL hijacking vulnerability, allowing attackers to exploit the vulnerability in the client...

SUSE-SU-2019:2158-1 Security update for postgresql94

This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation ?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP serv...

Internet Bug Bounty: Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation

Hello, I reported a Local Root privilege escalation vulnerability on Apache HTTPd at the beginning of the year. Apache has now patched it, as you can see here. The vulnerability affects modprefork, modevent, and modworker, the most used mods on Linux. Basically, this is an arbitrary function call...

Unauthorized Addition Of Functions

github.com/alexellis/faas does not have a basic security UI implemented. Any user with access to the UI can add any arbitrary function...

Windows Capcom.sys Kernel Execution Exploit (x64 only)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class MetasploitModule 'Windows Capcom.sys Kernel Execution Exploit x64 only',...

Windows Capcom.sys Kernel Execution Exploit (x64 only)

This module abuses the Capcom.sys kernel driver's function that allows for an arbitrary function to be executed in the kernel from user land. This function purposely disables SMEP prior to invoking a function given by the caller. This has been tested on Windows 7, 8.1, 10 x64 and Windows 11 x64...