5 matches found
Input validation
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute...
CVE-2020-18694
Cross-Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/saveprofile"...
CVE-2020-18264
Cross-Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=acteditmember"...
GE Digital HMI/SCADA iFIX Permission License and Access Control Issues Vulnerability
Genesys PureEngage Digital is an omni-channel customer interaction management platform from Genesys. The platform supports features such as online chat, email and SMS (Short Message Service). A security vulnerability exists in GE Digital HMI/SCADA iFIX that originates from allowing a locally...
Google Android Framework elevation of privilege vulnerability (CNVD-2018-22761)
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Framework component of Google Android 9, which can be exploited by an attacker to elevate privileges...