17 matches found
EUVD-2019-18838
Malware in sbrugna...
CVE-2025-32791 Permission policy information leakage in Backstage permission system
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...
Code injection
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...
Node.js: fs module's file watching is not restricted by --allow-fs-read
The fs module's file watching feature in Deno was not restricted by the --allow-fs-read flag, allowing attackers to watch files they did not have read access to...
Node.js: fs.openAsBlob() bypasses permission system
The fs.openAsBlob method in Node.js, when used with the --experimental-permission flag, allowed bypassing the permission system and reading files without the required permissions...
Node.js: The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1
The use of __proto__ in process.mainModule.__proto__.require allowed bypassing the permission system in Node v19.6.1, enabling the loading of unauthorized dependencies...
Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library...
CVE-2019-9464
CVE-2019-9464 is a targeted Elevation of Privilege vulnerability in the Android Framework affecting Android 10, caused by an incorrect warning about an app accessing the user’s location in RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java. This could undermine ...
openSUSE Security Update : dosbox (openSUSE-2019-1905)
This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the...
OPENSUSE-SU-2019:1920-1 Security update for dosbox
This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the content...
OPENSUSE-SU-2019:1905-1 Security update for dosbox
This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the content...
Security update for dosbox (important)
openSUSE Security Update: Security update for dosbox Announcement ID: openSUSE-SU-2019:1920-1 Rating: important References: 1140254 Cross-References: CVE-2019-12594 CVE-2019-7165 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available. Descriptio...
Updated dosbox package fixes security vulnerabilities
Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer. CVE-2019-7165 by Alexandre Bartel Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc e.g. /proc/self/mem when / or /proc we...
S-CMS <= 2.0b3 Multiple Local File Inclusion Vulnerabilities
No description provided by source. LONG LIVE SPAIN!...WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH!...
S-CMS 2.0b3 - Multiple Local File Inclusions
LONG LIVE SPAIN!...WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH! | MULTIPLE LOC...
S-CMS <= 2.0b3 Multiple Local File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. S-CMS WEB: http://www.matteoiammarrone.com/public/s-cms/ | DOWNLOAD: http://www.matteoiammarrone.com/public/s-cms/ | DEMO: N/A | CATEGORY: CMS / Portal | DESCRIPTION:...