Mozilla: Browser window spoof using fullscreen mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode...

The vulnerability of the `__rds_conn_create()` function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the rdsconncreate function net/rds/connection.c in the Linux operating system is related to memory release errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2022-21823

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control 2021.2 10.7.30.0 that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector...

CVE-2021-23543

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...

Online Railway Reservation System 1.0 - (id) SQL Injection Vulnerability

Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

Samsung Reminder App 代码注入漏洞

Samsung Reminder App is a reminder application from Samsung South Korea that comes pre-installed on Korean branded Samsung devices. The Samsung Reminder App suffers from a security vulnerability that allows an attacker to perform privileged actions by hijacking and modifying intent...

Ivanti Workspace Control 安全漏洞

Ivanti Workspace Control RES One Workspace is a set of workspace control software from Ivanti, USA. The software includes features such as user management, application management and report management. A security vulnerability exists in versions prior to Ivanti Workspace Control 2021.2 10.7.30.0,...

Online Veterinary Appointment System 1.0 - (Multiple) SQL Injection Vulnerability

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

Online Veterinary Appointment System 1.0 SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

Hospitals Patient Records Management System 1.0 - (id) SQL Injection (Authenticated) Vulnerability

Exploit Title: Hospitalss Patient Records Management System 1.0 - 'id' SQL Injection Authenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...

CMSimple 5.4 - Cross Site Scripting Vulnerability

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the delete button,an...

Hospitals Patient Records Management System 1.0 - Account TakeOver Vulnerability

Exploit Title: Hospitals Patient Records Management System 1.0 - Account TakeOver Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...

CMSimple 5.4 - Cross Site Scripting (XSS)

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

No surprise here: The holidays bought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...

CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...

Path traversal

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...

The vulnerability of Google Chrome’s web storage mechanism, which allows a hacker to circumvent existing security restrictions

The vulnerability of Google Chrome browser-based web storage is caused by synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to bypass existing security restrictions remotely...

Netgear RAX43 缓冲区错误漏洞

The Netgear RAX43 is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the possibility of an operation going beyond the buffer in memory, allowing a hacker to execute arbitrary code.

The vulnerability of Adobe After Effects’ video and dynamic image editing software relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...