
261 matches found

OSV
added 2023/03/13 7:15 p.m. · 1 views

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 2
CNVD
added 2022/10/11 12:0 a.m. · 16 views

LIEF Denial of Service Vulnerability

LIEF is a cross-platform library by independent developer Romain Thomas, used for parsing, modifying and abstracting ELF, PE and Mach-O formats. A denial of service vulnerability exists in LIEF v0.12.1, which stems from a failure to properly handle incoming error messages in the initandparse...

6.5 CVSS · 4 AI score · 0.00238 EPSS
Exploits 1 · References 1
CNNVD
added 2022/10/07 12:0 a.m. · 3 views

ZoneMinder Authorization Issue Vulnerability

ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...

8 CVSS · 6.7 AI score · 0.05209 EPSS
Exploits 4 · References 4
Cvelist
added 2022/08/25 12:0 a.m. · 33 views

CVE-2022-32746

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl...

7 AI score · 0.00368 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/06/02 2:15 p.m. · 1 views

CVE-2022-29627

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers...

4.3 CVSS · 5.9 AI score · 0.0016 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/04/19 12:0 a.m. · 9 views

PT-2022-3119 · Oracle +11 · Java Se +13

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition versions 20.3.5, 21.3.1, 22.0.0.2. Description: The issue is related to insufficient input validation in the JNDI component of the Oracle Java SE and...

9.1 CVSS · 5.7 AI score · 0.34335 EPSS
Exploits 9 · References 370
CNNVD
added 2022/02/04 12:0 a.m. · 2 views

Google Tensorflow Security Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a security vulnerability that can be exploited by an attacker to cause a denial of service by modifying SavedModel...

6.5 CVSS · 5.7 AI score · 0.00303 EPSS
Exploits 1 · References 5
Cvelist
added 2022/01/27 12:27 p.m. · 16 views

CVE-2021-44795 Modifying User Permissions via Unauthorized Access in Single Connect

Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users' permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users...

5.3 CVSS · 5.5 AI score · 0.00132 EPSS
Exploits 0 · References 2
CNNVD
added 2022/01/18 12:0 a.m. · 2 views

Oracle WebLogic Server Input Validation Error Vulnerability

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

6.1 CVSS · 5.6 AI score · 0.00601 EPSS
Exploits 0 · References 4
Cvelist
added 2022/01/07 10:39 p.m. · 10 views

CVE-2022-22286

A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R11.0 and 2.6.30.5 in Android Q10.0 allows attackers to execute privileged action by hijacking and modifying the intent...

4.4 CVSS · 7.1 AI score · 0.00109 EPSS
Exploits 0 · References 1
OSV
added 2021/12/10 8:34 p.m. · 10 views

GHSA-4JWX-78VX-GM6G Cross-Site Request Forgery in kimai2

CSRF in saving invoices / modifying status of invoices pending and cancel only...

6.5 CVSS · 6.4 AI score · 0.00117 EPSS
Exploits 1 · References 4
Github Security Blog
added 2021/12/10 8:34 p.m. · 21 views

Cross-Site Request Forgery in kimai2

CSRF in saving invoices / modifying status of invoices pending and cancel only...

6.5 CVSS · 2.9 AI score · 0.00117 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2021/10/22 12:15 p.m. · 2 views

CVE-2021-38453

Some API functions allow interaction with the registry, which includes reading values as well as data modification...

9.1 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits 0 · References 1
RedhatCVE
added 2021/04/14 4:40 p.m. · 38 views

CVE-2021-25735

A vulnerability was found in Kubernetes' kube-apiserver that could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been prevented by registered admission webhooks...

6.5 CVSS · 2.9 AI score · 0.16302 EPSS
Exploits 1 · References 4
CNNVD
added 2021/04/07 12:0 a.m. · 2 views

Cisco Webex Meetings Security Vulnerability

Cisco Webex Meetings is a videoconferencing solution from Cisco USA. A security vulnerability exists in Cisco Webex Meetings, which can be exploited by an attacker to create spoofed data by modifying the roles of Cisco Webex Meetings in order to spoof victims...

4.3 CVSS · 5.2 AI score · 0.00104 EPSS
Exploits 0 · References 4
NVD
added 2021/03/25 5:15 p.m. · 10 views

CVE-2021-25352

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent...

7.8 CVSS · 0.00037 EPSS
Exploits 0 · References 2
CNVD
added 2021/02/21 12:0 a.m. · 8 views

Mingyuan Cloud Data Center has a logic flaw vulnerability

Shenzhen Mingyuan Cloud Technology Co., Ltd. is a digital service provider of real estate ecological chain. A logic flaw vulnerability exists in the Mingyuan Cloud Data Center. Attackers use the vulnerability to access the backend interface and obtain sensitive information by intercepting data...

3.4 AI score
Exploits 0
Prion
added 2021/02/02 6:15 p.m. · 34 views

Design/Logic Flaw

In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT...

5 CVSS · 6.1 AI score · 0.03377 EPSS
Exploits 2 · References 1 · Affected Software 1
Kitploit
added 2021/01/17 11:30 a.m. · 281 views

MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject, etc. Check Documentation for more information. If you see problems or enhancement send an issue. I will respond as soon as possible. Enjoy : Documentation Documentation is available at...

8.4 AI score
Exploits 0 · References 21
Prion
added 2021/01/01 4:15 a.m. · 20 views

Remote code execution

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

6.5 CVSS · 8.8 AI score · 0.49409 EPSS
Exploits 5 · References 4 · Affected Software 1