14 matches found
EUVD-2019-7464
Malware in sbrugna...
EUVD-2023-39665
Malicious code in bioql PyPI...
EUVD-2023-39680
Malicious code in bioql PyPI...
CVE-2023-35680
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-35665
In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-35680
Technical details about CVE-2023-35680 are not publicly disclosed in the provided documents. Monitor for updates from the cited sources (Android security bulletin, NVD/CVE entries) for affected components, versions, and fixes.
CVE-2023-35665
In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-35665
CVE-2023-35665 describes a local elevation-of-privilege in Android where a missing permission check across multiple files allows importing a contact from another user. The issue enables privilege escalation without additional execution privileges and without user interaction. The connected source...
PT-2023-25265 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a confused deputy, allowing the import of contacts belonging to other users in multiple locations. This could lead to local...
Facebook Had Years to Fix Flaw That Leaked 500M Users’ Data
Software makers can’t catch every bug every time, but Facebook had ample warning about the privacy problems with its “contact import” feature...
CVE-2019-16987
In FusionPBX up to v4.5.7, the file app\contacts\contactimport.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
Cross site scripting
In FusionPBX up to v4.5.7, the file app\contacts\contactimport.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
PT-2019-14908 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns the use of an unsanitized query string variable in the contactimport.php file, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential...
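Multiple stored XSS issues in a Coremail feature
Brief description: Vulnerabilities still have to be submitted to WooYun. Details: Coremail lets users import contacts into the personal address book in CSV format. Import the following CSV: 联系组,姓名,电子邮件地址,住宅地址,住宅地址 邮政编码,住宅电话,移动电话,单位,商务地址,商务地址 邮政编码,商务电话,商务传真,生日,即时信息地址,网页,cmgroup aaaaaaa,,@qq.com,,,,13132132132,,,,,,19881212,,javascript:alert1 ,,,,,,,,,,,,,,,FRIENDS= ,,,,,,,,,,,,,,,FAMILY= ,,,,,,,,,,,,,,,COWORKERS=...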