
6 matches found

Github Security Blog
added 2024/05/20 2:57 p.m., 18 views

veraPDF has potential XSLT injection vulnerability when using policy files

Impact: Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: This has been patched and users should upgrade to veraPDF v1.24.2. Workarounds: This doesn't affect the standard validation an...

CVSS: 8.1 | AI score: 7.8 | EPSS: 0.01159
Exploits: 0 | References: 7 | Affected Software: 9
Prion
added 2023/04/27 1:15 a.m., 10 views

Design/Logic Flaw

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.00086
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2023/04/27 12:0 a.m., 13 views

CVE-2023-26244

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml...

AI score: 7.8 | EPSS: 0.00086
Exploits: 1 | References: 3
Gitee
added 2023/03/09 1:44 p.m., 3 views

CVEfixes-db

This repository is an offensive tool for collecting and processing CVE (Common Vulnerabilities and Exposures) data. It is a Python-based tool that collects CVE data from various sources, including the National Vulnerability Database (NVD) and GitHub, and stores it in a SQLite database. The tool is...

AI score: 7.6
Exploits: 0
NVD
added 2022/05/19 3:15 p.m., 9 views

CVE-2021-37413

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...

CVSS: 9.8 | EPSS: 0.01705
Exploits: 2 | References: 2
Kitploit
added 2022/03/07 8:30 p.m., 28 views

Fastfuz-Chrome-Ext - Site Fast Fuzzing With Chrome Extension

Fast fuzzing websites with Chrome extension. Screenshot. Install. Add Your Custom Files: open files.txt and paste your file or directory names in, line by line. Happy Hunting. TODO: add response size findings; add new specific file and directory names; add extension to Chrome extension marketplace. Download...

AI score: 7.3
Exploits: 0 | References: 2