OS Command Injection

baserproject/basercms is vulnerable to OS command injection. An attacker can upload malicious zip files through the upload functionality in the library, leading to the path traversal on the host operating system...

APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users

A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated ne...

CVE-2021-43559

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk...

CVE-2021-43559

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk...

CVE-2021-25984 FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality

In Factor App Framework & Headless CMS forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting XSS at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

CVE-2021-25982 FactorJS - Reflected Cross-Site Scripting (XSS) in Search Functionality

In Factor App Framework & Headless CMS forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting XSS at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

Rocket.Chat: Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat

Summary: Rocket.Chat offers two different markdown parsers out of the box: the ’orginal’ one and the ’marked’ one. Both markdown parsers offer a different set of features with different re- strictions. Due to more loose restrictions in the ’marked’ parser, a persistent CSS injection in the web...

Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

Microsoft Windows Diagnostic Hub Elevation of Privilege Vulnerability

Microsoft Windows Diagnostic Hub is an application from Microsoft Corporation USA. It is not only a task manager, but also a device diagnostic center. This application combines Windows developer tools with UWP functionality to access new information and features.Microsoft Windows Diagnostic Hub i...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5137-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5137-2 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use...

Users Can Frontrun revoke() By Calling vest()

Handle leastwood Vulnerability details Impact The onlyOwner role typically calls revoke if a member leaves the BootFinance team, resulting in vested tokens being transferred to the multisig account. Each vesting account has a revocable state variable that is set to either true or false. As any us...

CVE-2021-3380

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

Design/Logic Flaw

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

SUSE-SU-2021:3651-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-49 bsc1192250 CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets CVE-2021-38504:...

CVE-2021-3380

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

Design/Logic Flaw

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code. This project is comprised of the following elements: Harness.exe: The "victim" application which i...

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description cross site request forgery vulnerability is present in delete functionality of doctor feature. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of delete the existing logs...

CVE-2021-43389

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

CVE-2021-43339

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via filename in the export functionality. For example, a new admin user could be created...