CVE-2019-2194
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
DynPG 4.9.1 Cross Site Scripting
Exploit Title: DynPG 4.9.1 - Persistent Cross-Site Scripting Authenticated Date: 2020-10-09 Exploit Author: Enes Özeser Vendor Homepage: https://dynpg.org/ Version: 4.9.1 Tested on: Windows & XAMPP == Tutorial alert"XSS"; == HTTP Request alert"XSS";...
PT-2020-20008 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.0 Description: A logic error caused the plaintext storage of the share password when it was given on the initial create API call. Recommendations: For Nextcloud Server version 19.0.0, update to a version that fix...
Jira Service Desk permissions error dialog allows Project Admins to upgrade the permission scheme
Issue Summary: For a specific use case, only some selected users may create issues using the Portal, so the permission to create issues by "Service Desk Customer - Portal" was removed. After the Permission change, Project Administrators, that should not have access to change the...
CVE-2020-13322
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...
dnsmasq: memory leak in the create_helper() function in /src/helper.c
A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory lea...
WebsiteBaker 2.12.2 - Remote Code Execution
Exploit Title: WebsiteBaker 2.12.2 - Remote Code Execution Date: 2020-07-04 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/downloads Version: 2.12.2 Tested on: Windows 10 and Ubuntu...
CloudMe 1.11.2 Buffer Overflow
Exploit Title: CloudMe 1.11.2 - Turing Complete Add-Admin ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: September 29th, 2020 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x6...
CVE-2020-26121
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload...
Design/Logic Flaw
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload...
PT-2020-16300 · Wikimedia +1 · Fileimporter Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.34.4 FileImporter extension for MediaWiki versions prior to 1.34.4 Description: An issue in the FileImporter extension allows an attacker to import a file into a protected page, bypassing "page creation"...
Design/Logic Flaw
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories...
DEBIAN-CVE-2020-0427
In createpinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-1405501...
@ieremeev/app (>=3.0.1 <=4.1.1), @meetup/swarm-docs (=0.7.10-beta.0) +7 more potentially affected by unknown CVE via serve (>=10.0.0 <=10.1.1)
serve NPM version =10.0.0, =3.0.1, =0.1.0, =0.0.12, =0.0.0, =0.0.10, =0.0.1, =0.0.10 Source cves: unknown CVE Source advisory: OSV:GHSA-48GC-5J93-5CFQ...
Exploit for CVE-2015-1538
PoC exploit for CVE-2015-1538-1, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution. The target product/service is Google Stagefright, a media library for Android. The vulnerability class/vector is Integer Overflow in the libstagefright MP4 'stsc' atom handling, leading to...
Hyland OnBase SQL Injection Vulnerability (CNVD-2020-52046)
Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase suffers from an SQL injection vulnerability. An attacker can exploit this vulnerability to conduct SQL injection attacks via TestConnectionLocalOrLinkedServer, CreateFilterFriendlyVie...
Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2020-54910)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows, which can be exploite...
The vulnerability of the DirectX component in Windows operating systems allows attackers to gain rights to install programs, view, modify, or delete data, as well as create new accounts with full user privileges.
The vulnerability of the DirectX component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to gain privileges to install programs, view, modify, or delete data, and create new user accounts with full user rights using a...
The vulnerability of the Windows Media Foundation component of the Windows operating system allows attackers to gain privileges to install programs, view, modify, or delete data, as well as create new user accounts with full user rights.
The vulnerability of the Windows Media Foundation component in the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to gain privileges to install programs, view, modify, or delete data, and create...
Prototype Pollution in whitfin/dot-notes-js
Overview: dot-notes provides two-way conversions between objects and dot/bracket notation. This package is vulnerable to Prototype Pollution via the create function. Proof of Concept: const dots = require'dot-notes'; dots.create, 'proto.polluted', true; console.logpolluted;...