94 matches found
matrix-react-sdk 数据伪造问题漏洞
Travis Ralston matrix-react-sdk is an open source application by Travis Ralston. It is used to insert the Matrix chat/voice client into web pages. A security vulnerability exists in matrix-react-sdk before version 3.15.0, which stems from the possibility that user content sandboxing could be abus...
WHO COVID-19 Mobile App: Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users
Summary: Note: I noticed that that the team has fixed issues like an XSS that's caused only from a header value typically OOS since it's not directly exploitable https://github.com/WorldHealthOrganization/app/pull/855, so in the spirit of this I'm also reporting another "good-to-fix" issue. On th...
Rest Devices Mimo Baby Man-in-the-Middle Attack Vulnerability
Rest Devices Mimo Baby is a baby sleep tracker device from Rest Devices UK. A security vulnerability exists in Rest Devices Mimo Baby version 2, which stems from the program failing to properly perform authentication or encryption for Bluetooth Low Energy BLE communication between the Turtle and...
The vulnerability of the microprogramming software of the Cisco TelePresence ISDN Gateway allows a perpetrator to access the authentication data of arbitrary users.
The vulnerability of the microprogramming software of the Cisco TelePresence ISDN Gateway relates to the falsification of inter-site requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users...
webwinmail to brute force crack the falsification of any of the mailbox the sender-vulnerability warning-the black bar safety net
First of all, we landed an account test02,as shown: ! 7. png We test01 set up inside a proxy of the sender, here we set another account name called test02 ! 8. png ! 9. png We go to test01 view: ! 1 0. png We violence to crack this CAPTCHA: ! 1 1. png ! 1 2. png Hack is finished, we look at: ! 1 ...
PHP WDDX Serializier Data Injection Vulnerability-vulnerability warning-the black bar safety net
PHP WDDX Serializier Data Injection Vulnerability Taoguang Chen - 2014.11.2 PHP in the array is serialized into a WDDX structure of the process, there is no array key name strictly limited, can lead to falsification of the object WDDX structure. i serialize the object PHP in the object is...
Microsoft Internet Explorer 6.0 Meta Data Foreign Domain Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10248/info A vulnerability has been reported in Microsoft Internet Explorer that may facilitate certificate spoofing. This issue could aid in attacks which falsify web content to victim users. The cause of the vulnerabili...
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification
No description provided by source. PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili [email protected] Marco 'whitesheep' Rondini [email protected] Alessandro 'scox' Scoscia [email protected] In error.php, PhpMyAdmi...
CVE-2013-0798 : World read and write access to app_tmp directory on Android
Fourteenforty Research Institute, Inc. Security Advisory World read and write access to apptmp directory on Firefox for Android 2013/04/02 === Summary === World read and write access to apptmp directory on Firefox for Android allows replacing Firefox add-ons. === Severity === Middle === Affected...
Tencent Weibo falsification of information vulnerability, other microblogging is also affected by the impact-vulnerability warning-the black bar safety net
Brief description: Can be forged to anyone on Twitter, April Fools ' day entertainment the vulnerability, we know. Detailed description: In the meager dialogue and the broadcast send: Test || @mA:I'm not mA Can disguise mA huateng participate in the dialogue. Vulnerability to prove: Repair...
PhpMyAdmin Client Side 0Day Code Injection and Link Falsification
Exploit for php platform in category web applications ================================================================= PhpMyAdmin Client Side 0Day Code Injection and Link Falsification ================================================================= Credits: Emanuele 'emgent' Gentili Marco...
phpMyAdmin - Client-Side Code Injection Redirect Link Falsification
phpMyAdmin - Client-Side Code Injection Redirect Link Falsification PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili Marco 'whitesheep' Rondini Alessandro 'scox' Scoscia In error.php, PhpMyAdmin permit to insert text and restricted tag,...
jspwiki-xss.txt
Application: JSPWiki Multiple Vulnerabilities Version: 2.4.103 and 2.5.139 Credit: Jason Kratzer Date: 9/24/2007 Background ------------------------------------------------------------ JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...
Crlf injection
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."...