
366 matches found

Veracode
added 2022/04/17 11:46 p.m. | 20 views

Denial Of Service (DoS)

dcraw:sid is vulnerable to denial of service. An integer overflow is possible when the victim runs dcraw with a maliciously crafted X3F input image, allowing arbitrary code to be executed in the victim's system...

CVSS 7.8 | AI score 5.2 | EPSS 0.00241
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2022/02/25 7:15 p.m. | 23 views

CVE-2021-22434

There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...

CVSS 9.8 | EPSS 0.00247
Exploits: 0 | References: 2
0day.today
added 2022/02/18 12:0 a.m. | 129 views

Wondershare UBackit 2.0.5 - (wsbackup) Unquoted Service Path Vulnerability

Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted Service Path Tested on OS:...

CVSS 6.1 | AI score 6.3 | EPSS 0.571
Exploits: 5
CNVD
added 2022/02/10 12:0 a.m. | 17 views

Bentley Systems Bentley View Remote Code Execution Vulnerability

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A remote code execution vulnerability exists in Bentley View that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8 | AI score 7.9 | EPSS 0.00621
Exploits: 0 | References: 1
GitHub Security Blog
added 2022/01/28 11:6 p.m. | 31 views

Cross-site Scripting in livehelperchat

Stored XSS is found in SettingsLive help configurationDepartments-Departments groups-edit When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname , the payload gets executed...

CVSS 6.3 | EPSS 0.00281
Exploits: 1 | References: 4 | Affected Software: 1
CNVD
added 2022/01/17 12:0 a.m. | 21 views

Halo cross-site scripting vulnerability (CNVD-2022-08379)

Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability that originates in Halo, versions v1.0.0 through v1.4.17 latest are susceptible to cross-site scripting XSS stored in the title of a post, which can be exploited by an attacker to...

CVSS 5.4 | AI score 5.2 | EPSS 0.00304
Exploits: 1 | References: 1
CNVD
added 2022/01/13 12:0 a.m. | 28 views

Adobe InDesign out-of-bounds write vulnerability (CNVD-2022-04526)

Adobe InDesign, a set of typesetting and editing applications from Adobe, has an out-of-bounds write vulnerability that could be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...

CVSS 7.8 | AI score 3.7 | EPSS 0.0123
Exploits: 0 | References: 1
NVD
added 2022/01/05 3:15 p.m. | 9 views

CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting XSS vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

CVSS 5.4 | EPSS 0.00206
Exploits: 0 | References: 2
Code423n4
added 2022/01/05 12:0 a.m. | 21 views

lockWithPermit() function allows for replay attacks and signature malleability

Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...

AI score 6.9
Exploits: 0
CNVD
added 2021/12/27 12:0 a.m. | 97 views

Adobe Dimension out-of-bounds write vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

CVSS 9.3 | AI score 5.7 | EPSS 0.01717
Exploits: 0 | References: 1
Packet Storm
added 2021/11/22 12:0 a.m. | 335 views

Backdoor.Win32.Agent.ad Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d2b933ebadd5c808ca4c68ae173e2d62.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.ad Vulnerability: Insecure Credential Storage Description: The malware listens ...

AI score 7.1
Exploits: 0
Prion
added 2021/10/04 6:15 p.m. | 5 views

Design/Logic Flaw

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL...

CVSS 4.3 | AI score 6.1 | EPSS 0.00306
Exploits: 0 | References: 1
Huntr
added 2021/09/02 10:35 a.m. | 15 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description A malicious actor is able to add New Project with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️‍♂️ Proof of Concept 1; Log in with a proper roled user 2; Add a new Project to the system at the /projects/showAll/ URI with the + New...

AI score 1.7
Exploits: 0
Veracode
added 2021/08/10 7:29 a.m. | 14 views

Cross Site Scripting (XSS)

intelliants/subrion is vulnerable to cross-site scripting. An attacker is able to inject and execute a malicious script by adding a blog and then editing an image file...

CVSS 5.4 | AI score 1.9 | EPSS 0.00185
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/08/02 4:55 p.m. | 10 views

CVE-2021-22438

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause malicious code to be executed...

AI score 9.6 | EPSS 0.00236
Exploits: 0 | References: 1
Prion
added 2021/06/24 9:15 a.m. | 18 views

Privilege escalation

UNSUPPORTED WHEN ASSIGNED A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services...

CVSS 4.6 | AI score 8.6 | EPSS 0.00225
Exploits: 0 | References: 1 | Affected Software: 1
Lenovo
added 2021/06/08 7:7 p.m. | 4 views

Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US

No description provided...

CVSS 6.5 | AI score 6.4 | EPSS 0.00093
Exploits: 1
OSV
added 2021/06/08 1:15 p.m. | 10 views

CVE-2021-32106

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET'replace' variable. As a result, arbitrary Javascript code can get executed...

CVSS 5.4 | AI score 6.2
Exploits: 0 | References: 3
NVD
added 2021/06/08 1:15 p.m. | 10 views

CVE-2021-32106

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET'replace' variable. As a result, arbitrary Javascript code can get executed...

CVSS 5.4 | EPSS 0.00237
Exploits: 1 | References: 3
Cvelist
added 2021/06/08 12:40 p.m. | 13 views

CVE-2021-32106

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET'replace' variable. As a result, arbitrary Javascript code can get executed...

AI score 5.6 | EPSS 0.00237
Exploits: 1 | References: 3