6678 matches found
KbDevice digital video recorders 安全漏洞
The KbDevice KB-AHR04D is an AHD hybrid recorder from KbDevice. A security vulnerability exists in KbDevice digital video recorders that stems from the fact that the product contains undocumented functionality that is not part of the specification and cannot be accessed through interfaces or...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an improper authorization vulnerability in the SettingsProvider module, which can be...
Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
Researchers have discovered a novel attack on the Python Package Index PyPI repository that employs compiled Python code to sidestep detection by application security tools. "It may be the first supply chain attack to take advantage of the fact that Python bytecode PYC files can be directly...
PT-2023-24463 · Unknown · Dcat-Admin
Name of the Vulnerable Software and Affected Versions: Dcat-Admin version 2.1.3-beta Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. This enables attackers to potentially manipula...
Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation
Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...
Linux kernel command execution vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A command execution vulnerability exists in the Linux kernel that stems from a lack of functionality checking and can be exploited by an attacker to execute administrative...
CVE-2023-29727
The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause...
WordPress plugin Newsletter Popup 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
CVE-2023-2901
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?search=false&nd=1680855479750&rows=50&page=1&sidx=FCreatorTime+desc&sord=asc. The...
CVE-2023-2901 NFine Rapid Development Platform access control
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?search=false&nd=1680855479750&rows=50&page=1&sidx=FCreatorTime+desc&sord=asc. The...
No guard for mintedAmount or reservedRate
Lines of code Vulnerability details Impact mintedAmount and reservedRate are supposed to have mutex functionality, based from the comments. Yet, those are set or used without any restrictions, without any mutex logic. Since mintedAmount designates the amount of tokens to mint and reservedRate...
Delegate architecture forces users to set zero slippage
Lines of code Vulnerability details Delegate architecture forces users to set zero slippage The design of the delegate forces users to set a zero value for the minReturnedTokens parameter when calling pay in the terminal. Technical details In order to implement the swap functionality, the...
Sql injection
A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file viewadmin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched...
Schneider Electric APC Easy UPS Online updatePassword Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updatePassword function. The issue results from the lack of...
SUSE-SU-2023:2210-1 Security update for rekor
This update for rekor fixes the following issues: Updated to version 1.1.1 jscSLE-23476: Functional Enhancements - Refactor Trillian client with exported methods 1454 - Switch to official redis-go client 1459 - Remove replace in go.mod 1444 - Add Rekor OID info. 1390 Quality Enhancements - remove...
CVE-2023-32955
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in DHCP Client Functionality in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors...
Command injection
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in DHCP Client Functionality in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors...
CVE-2023-32955
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in DHCP Client Functionality in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors...
CVE-2023-32955
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in DHCP Client Functionality in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors...
CVE-2023-1207
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...