5997 matches found
Spoofing
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O8.x and P9.0, 3.4.81.1 in Android Q10.0, and 3.6.80.7 in Android R11.0 allows unprivileged applications to access contact information...
CVE-2021-25357
CVE-2021-25357 describes a pendingIntent hijacking vulnerability in Samsung's Create Movie component, allowing unprivileged apps to access contact information. Affected releases are those before SMR APR-2021 Release 1 on Android 8.x (O) and 9.0 (P), before version 3.4.81.1 on Android 10 (Q), and Android 11 (R) vers...
CloudBees Jenkins View Name Validation Bypass Vulnerability
Jenkins (originally Hudson) is a Java-based continuous integration tool backed by CloudBees, a United States company. The product is mainly used to build and test software releases continuously and to run scheduled tasks. LTS is a long-term support for...
SonicWall Email Security Appliance Security Vulnerability
SonicWall Email Security is an email protection appliance. SonicWall Email Security has a security vulnerability that allows remote attackers to submit crafted requests that create administrator accounts...
Web-School ERP Cross-Site Request Forgery Vulnerability
Web-School ERP is a school management software for schools and educational organizations. A cross-site request forgery vulnerability exists in Web-School ERP version 5.0. An attacker can exploit this vulnerability to create a studentleaveapplication request via...
CVE-2021-21640
A flaw was found in Jenkins. Due to lack of validation of the newly created view name, attackers with View/Create permission are allowed to create views with invalid or already-used names...
CVE-2021-21640
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names...
CVE-2021-21640
CVE-2021-21640 affects Jenkins 2.286 and earlier, and LTS 2.277.1 and earlier. The vulnerability is a view name validation bypass: when creating a new view, the submitted name is not consistently validated, allowing attackers with View/Create permission to create views with invalid or already-use...
CVE-2020-13421
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...
USN-4902-1 python-django vulnerability
Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories...
CVE-2021-25156
CVE-2021-25156 describes a remote arbitrary directory creation vulnerability in Aruba Instant Access Point (IAP) products. Affected versions include Aruba Instant 6.4.x (6.4.4.8-4.2.4.17 and below), 6.5.x (6.5.4.18 and below), 8.3.x (8.3.0.14 and below), 8.5.x (8.5.0.11 an...
Project Expense Monitoring System 1.0 Authentication Bypass Vulnerability
Exploit Title: Project Expense Monitoring System | Create Admin Account Unauthorised
Exploit Author: Richard Jones
Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html
Software Link:...
PT-2021-6603 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 and later Description: The issue is related to improper authorization, allowing guest users to create issues for Sentry errors and track their status. This could potentially enable a remote attacker to access...
PT-2021-17743 · Netflix · Netflix Oss Hollow
Name of the Vulnerable Software and Affected Versions: Netflix OSS Hollow, affected versions not specified. Description: The issue allows an attacker to pre-create directories with wide permissions, since the Files.exists(parent) check is performed before creating the directories. Furthermore, the use...
react-dev-utils OS Command Injection in function `getProcessForPort`
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
GNOME GLib Link Following Vulnerability
GNOME GLib is a multi-platform toolkit for creating graphical user interfaces and is the underlying core library for GTK+ and GNOME projects. A security vulnerability exists in GNOME GLib before 2.66.8, which stems from the fact that g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION incorrectly also...