Ubuntu 22.04 LTS / 23.04 : Linux kernel vulnerabilities (USN-6338-2)
The remote Ubuntu 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6338-2 advisory. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...
Microsoft Visual Studio Permissions and Access Control Issues Vulnerability
Microsoft Visual Studio is a family of development tools from Microsoft Corporation, and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. Vulnerability. The vulnerability stems from a lack of effective permission and access contro...
Vesting benRevocable flag can be switched on and off by anyone and doesn't provide any additional control
Handle hyh Vulnerability details Impact Griefing attack is possible for revoke mechanics by calling vest with a tiny amount and zero isRevocable. This will switch revocable off for the whole vesting amount i.e. the whole set of timelocks flag is being set via last vest call. And vice versa,...
Query Binding Exploitation
illuminate/database is vulnerable to query binding exploitation. The vulnerability exists through the lack of control on the expected bindings in the Query Builder...
in microweber/microweber
Description microweber/microweber is vulnerable to Arbitrary File Upload. Effective controls have not been implemented to restrict users from uploading malicious content to the web server. Files containing code like .php, .exe, etc. can be uploaded successfully. Steps To Reproduce: 1. Login in...
Unikrn: [unikrn.com] Profile updated with error":true,"success":false"
Greetings, We noticed that even if the https://unikrn.com/apiv2/user/updateprofile gave an answer that the code is on error, the post is proceeded: PoC: -- curl 'https://unikrn.com/apiv2/user/updateprofile' -XPOST -H 'Referer: https://unikrn.com/profile' -H 'Content-Type: application/json' -H...