Lucene search
+L

194 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/13 12:0 a.m.62 views

Microsoft Edge (Chromium) < 118.0.2088.46 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 13, 2023 advisory. - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker...

8.8CVSS6.8AI score0.0126EPSS
Exploits0References18
Huntr
Huntr
added 2023/08/27 9:44 p.m.18 views

Account takeover via password reset

Description An attacker could predict all future password reset tokens due to the use of RandomStringUtils.randomAlphanumeric in PasswordService. An attacker could crack the random number generator RNG seed from a password reset token, then perform password resets on their and the victim’s...

6.9AI score
Exploits0References3
Talos Blog
Talos Blog
added 2023/07/06 3:38 p.m.46 views

Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain

Cisco Talos discovered 17 vulnerabilities 63 CVEs in the Milesight UR32L router and five vulnerabilities six CVEs in the Milesight MilesightVPN remote access solution software. An attacker could exploit the vulnerabilities discovered to completely compromise the UR32L and MilesightVPN. This post...

7.5CVSS9.4AI score0.05776EPSS
Exploits26
Huntr
Huntr
added 2023/05/13 2:7 p.m.58 views

IDOR 漏洞使得攻击者可以在一个组织内任意添加、删除、修改工作空间

Proof of Concept 1 系统中存在两个组织,team1和team2 2 用户user1是 team1 的管理员, 不是team2的管理员 3 用户1在team1中创建工作空间,名为workspace1. 4 用户1使用burpsuit拦截请求,在请求中将team1的ID换成team2的ID 5 查看请求,结果显示成功,用户1可以在team2中任意创建工作空间。 复现视频:https://1drv.ms/v/s!Avwg5C1eKVA4gispbgvOYQkvQ9KP?e=4yimBo...

3.3CVSS6.9AI score0.00676EPSS
Exploits1
OSV
OSV
added 2023/03/30 8:16 p.m.83 views

GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...

8.5CVSS8.7AI score0.00883EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/03/30 8:16 p.m.23 views

Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...

8.8CVSS8.6AI score0.00883EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2023/03/01 5:15 p.m.43 views

CVE-2023-0460

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXTINCLUDECODE | Context.CONTEXTIGNORESECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s...

7.3CVSS6.2AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 2:12 p.m.20 views

GHSA-MHGM-52VG-PVVC Privilege escalation in Strongbox

Impact An attacker with read-only access to a Strongbox secret could craft a valid encrypted secret same id/version. It also makes the audit logs from KMS less useful. The issue is caused by a bug in the underlying AWS Encryption SDK. By default, the encrypted secrets are stored in DynamoDB and a...

6.6AI score
Exploits0References3
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.10 views

Replayable signature in the mintReceipt function

Lines of code Vulnerability details Description In the mintReceipt function there is a check of the claimSignerAddress signature: if keccak256abi.encodePackedmsg.sender, questId != hash revert InvalidHash; if recoverSignerhash, signature != claimSignerAddress revert AddressNotSigned; The signatur...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/01/11 1:0 p.m.55 views

Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen

The Imperva Red Team recently disclosed a vulnerability, dubbed CVE-2022-3656, affecting over 2.5 billion users of Google Chrome and Chromium-based browsers. This vulnerability allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials. Introduction Chrome is...

9.2AI score0.01659EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.4 views

PT-2023-32992 · Phpxmlrpc · Phpxmlrpc

Name of the Vulnerable Software and Affected Versions: phpxmlrpc affected versions not specified Description: The issue can be exploited when specific methods such as Wrapper::buildClientWrapperCode, Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod, or Wrapper::buildWrapMethodSource are used...

7.2AI score
Exploits0References5
Code423n4
Code423n4
added 2023/01/09 12:0 a.m.3 views

Unsigned tokenGasPriceFactor parameter

Lines of code Vulnerability details Description For the calculation of the amount of the token to be paid to the relayer tokenGasPriceFactor value is used. The corresponding logic is the following: payment = gasUsed + baseGas gasPrice / tokenGasPriceFactor; requiretransferTokengasToken, receiver,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/09 12:0 a.m.16 views

Griefing attacks on handleOps and multiSend logic

Lines of code Vulnerability details Description The handleOps function executes an array of UserOperation. If at least one user operation fails the whole transaction will revert. That means the error on one user ops will fully reverts the other executed ops. The multiSend function reverts if at...

7AI score
Exploits0
OSV
OSV
added 2022/12/05 11:34 p.m.56 views

GHSA-78M5-JPMF-CH7V GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

Summary Unsafe extracting using shutil.unpackarchive from a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. Details Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destination file path is...

5.8CVSS6.1AI score0.00704EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/12/05 11:34 p.m.39 views

GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

Summary Unsafe extracting using shutil.unpackarchive from a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. Details Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destination file path is...

6.5CVSS0.6AI score0.00704EPSS
Exploits1References6Affected Software1
Huntr
Huntr
added 2022/11/21 5:39 a.m.24 views

Unauthorized access to settings update, logs , history, delete etc of repositories

Hey, Attack Scenario: Admin setups new user with User privileges and gives access to repos "/" root directory, after a time due to some reason he revoke the privileges of the directory access but user privileged attacker can still edit settings , check logs and view history without having...

7.5CVSS1.2AI score0.00789EPSS
Exploits1References1
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.14 views

Approve front-running attack in DBR.sol

Lines of code Vulnerability details Impact An attacker could front-run an approve transaction to get an overall bigger amount approved. Proof of Concept This is the approve function of the DBR token. function approveaddress spender, uint256 amount public virtual returns bool...

6.8AI score
Exploits0
WPVulnDB
WPVulnDB
added 2022/10/18 12:0 a.m.10 views

Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message PoC Setup: - In the General Settings of the plugin, check the "Show...

6.1CVSS2.8AI score0.00526EPSS
Exploits2Affected Software1
Code423n4
Code423n4
added 2022/09/27 12:0 a.m.7 views

Injection into the mintlist merkle tree

Lines of code Vulnerability details Description There is claimGobbler function in ArtGobblers contract. It accepts proof as an array of bytes32 values and uses such a proof for the check whether msg.sender is available to claim a gobbler. But there is no check on the length of the proof, so it is...

6.6AI score
Exploits0
Huntr
Huntr
added 2022/09/22 6:50 a.m.18 views

Virual defacement allows attacker to display any message of his choice

Description This attack involves injecting malicious data into a page of a web application to feed misleading information to users of the application. This kind of attack is known as virtual defacement because the actual content hosted on the target's web server is not modified. The defacement is...

2.8CVSS1.2AI score0.00553EPSS
Exploits1References1
Rows per page
Query Builder