Lucene search

178 matches found

Positive Technologies
added 2023/09/11 12:0 a.m. · 4 views

PT-2023-27788 · Interact · Interact

Name of the Vulnerable Software and Affected Versions: Interact version 7.9.79.5
Description: The issue allows stored Cross-site Scripting (XSS) attacks in several locations, enabling an attacker to store a JavaScript payload. This can lead to the execution of malicious scripts on the client-side...

5.4 CVSS · 5.2 AI score · 0.00376 EPSS
Exploits: 0 · References: 6

Cvelist
added 2023/09/11 12:0 a.m. · 15 views

CVE-2023-41103

Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload...

5.4 AI score · 0.00376 EPSS
Exploits: 0 · References: 3

0day.today
added 2023/07/19 12:0 a.m. · 236 views

Vaidya-Mitra 1.0 - Multiple SQL injection Vulnerability

Title: Vaidya-Mitra 1.0 - Multiple SQLi Author: nu11secur1ty Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php Reference:...

7.1 AI score
Exploits: 0

Code423n4
added 2023/04/03 12:0 a.m. · 11 views

Params of Lien struct are not emitted when lien is created making it difficult to track

Lines of code Vulnerability details Impact Protocol does not store any information about Lien. When users want to interact, they have to send the whole Lien struct along with lienId, and the protocol will verify if this data is correct by hash. This approach reduces onchain storage and can save a...

6.6 AI score
Exploits: 0

Code423n4
added 2023/03/07 12:0 a.m. · 10 views

Attacker contract can avoid being blocked

Lines of code Vulnerability details Impact A Malicious attacker can interact with the system and selfdestruct his own contract then use CREATE2 to recreate it at same address when he needs to interact with the system again. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps...

6.9 AI score
Exploits: 0

vulnersOsv
added 2023/03/06 6:30 a.m. · 4 views

csv-interact (>=0.0.1 <=1.0.0), jb55-json2csv (>=3.0.0 <=3.1.1) +1 more potentially affected by CVE-2023-26106 via dot-lens (=1.2.3)

dot-lens NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on dot-lens and may be impacted: - csv-interact =0.0.1, =3.0.0, =3.1.1 - tableize-csv-parser =0.0.1 Source cves: CVE-2023-26106 Source advisory: OSV:GHSA-RMHG-2CVV-Q7VX...

7.5 CVSS · 7.1 AI score · 0.00947 EPSS
Exploits: 1

Code423n4
added 2022/07/14 12:0 a.m. · 13 views

function mint() in FERC1155 don't follow check-effect-interact pattern, it's possible to call protocol contracts after tokens minted and before totalSupply updated

Lines of code Vulnerability details Impact Function mint mints new fractions for an ID and is only callable by VaultRegistry. code mints tokens then updates totalSupply value. when minting contract may make external call to target address, in that external call contract state is wrong, tokens are...

6.9 AI score
Exploits: 0

Code423n4
added 2022/06/02 12:0 a.m. · 9 views

you should always approve zero amount because some contracts need it to interact with it (ust)

Lines of code Vulnerability details :make sure approval is zero first because there are contract that need to approve 0 because otherwise a lot of contract will fail if approve is not zero first not a user then you can have a problem with ust contract which needs to approved 0 :mitigation:approve ...

6.8 AI score
Exploits: 0

HackRead
added 2022/02/28 12:21 a.m. · 19 views

Importance of soft skills in Technology

By Owais Sultan People's ability to work or interact with others is often influenced by their soft skills which include traits… This is a post from HackRead.com Read the original post: Importance of soft skills in Technology...

3.4 AI score
Exploits: 0

vulnersOsv
added 2021/10/12 10:22 p.m. · 3 views

a-texam (=1.1.0), aait (>=1.0.4 <=1.0.5) +1089 more potentially affected by CVE-2019-9423 via opencv-contrib-python (>=3.4.11.45 <=4.1.1.26)

opencv-contrib-python PYPI version =3.4.11.45, =1.0.4, =1.11.4, =0.5.0, =0.1.0, =24.3.2, =1.0.0, =0.3.0, =0.1.0, =0.1.0, =1.0.0, =0.0.1, =0.0.16 and more Source cves: CVE-2019-9423 Source advisory: OSV:GHSA-8849-5H85-98QW...

7.8 CVSS · 7.2 AI score · 0.00293 EPSS
Exploits: 0

Fedora
added 2021/03/20 12:21 a.m. · 24 views

[SECURITY] Fedora 34 Update: evolution-mapi-3.39.3-1.fc34

This package allows Evolution to interact with MS Exchange 2007 servers...

5.5 CVSS · 4.8 AI score · 0.00639 EPSS
Exploits: 1

OSV
added 2021/03/10 4:15 p.m. · 3 views

CVE-2021-0369

In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACTACROSSPROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8 CVSS · 7.2 AI score · 0.00143 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2021/03/10 12:0 a.m. · 3 views

PT-2021-13048 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-11
Description: The issue is caused by a logic error in the code of CrossProfileAppsServiceImpl.java, which can lead to an application's INTERACT ACROSS PROFILES grant state not displaying properly in the setting UI...

7.8 CVSS · 7.7 AI score · 0.00143 EPSS
Exploits: 0 · References: 3

Trend Micro Simply Security
added 2020/09/17 12:0 a.m. · 13 views

Securing the Pandemic Disrupted Workplace

We could not have anticipated how the “new normal” would affect the way we interact. With malicious actors taking advantage of the situation, you need to see what you’re up against — and we can help...

1.8 AI score
Exploits: 0

Kitploit
added 2019/07/04 1:30 p.m. · 221 views

Slackor - A Golang Implant That Uses Slack As A Command And Control Server

A Golang implant that uses Slack as a command and control channel. This project was inspired by Gcat and Twittor. This tool is released as a proof of concept. Be sure to read and understand the Slack App Developer Policy before creating any Slack apps. Setup Note: The server is written in Python ...

7.9 AI score
Exploits: 0 · References: 22

Packet Storm
added 2019/01/15 12:0 a.m. · 249 views

Hootoo HT-05 Remote Code Execution

require 'msf/core' require 'net/http' require "uri" class MetasploitModule 'Hootoo HT-05 remote shell exploit', 'Description' = %q This module tries to open a door in the device by exploiting the RemoteCodeExecution by creating a backdoor inside the device This exploit was written by Andrei Manol...

0.3 AI score
Exploits: 0

exploitpack
added 2017/10/12 12:0 a.m. · 19 views

E-Sic Software livre CMS - cpfcnpj SQL Injection

E-Sic Software livre CMS - cpfcnpj SQL Injection Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Downloa...

0.5 AI score
Exploits: 0

0day.today
added 2017/08/22 12:0 a.m. · 55 views

VMware VDP Known SSH Key Exploit

VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh'...

10 CVSS · 9 AI score · 0.32789 EPSS
Exploits: 3

CNVD
added 2017/05/16 12:0 a.m. · 1 views

IBM Interact Cross-Site Request Forgery Vulnerability

IBM Interact is a suite of marketing solutions from IBM USA. The solution enables real-time interactions through a variety of data-enabled features and leverages multiple data sources and autonomous learning to optimize messaging. A cross-site request forgery vulnerability exists in IBM Interact....

8.8 CVSS · 6.9 AI score · 0.00451 EPSS
Exploits: 0 · References: 1

CNVD
added 2017/05/16 12:0 a.m. · 1 views

IBM Interact Cross-Site Scripting Vulnerability

IBM Interact is a suite of marketing solutions from IBM USA. The solution enables real-time interactions through a variety of data-enabled features and leverages multiple data sources and autonomous learning to optimize messaging. A cross-site scripting vulnerability exists in IBM Interact. A...

5.4 CVSS · 6.5 AI score · 0.00511 EPSS
Exploits: 0 · References: 1