88 matches found
Buffer overflow
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...
CVE-2022-22819
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...
Automatic Question Paper Generator System 1.0 Cross Site Scripting
Exploit Title: Automatic Question Paper Generator System 1.0 - Cross-site scripting stored Date: 2022-11-03 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title:...
Hardcoded credentials
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...
CVE-2022-23051
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...
Cisco Adaptive Security Appliance and Firepower Threat Defense Secure Boot Bypass Vulnerability
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services.Cisco Adaptive Security Appliance is a firewall and network security platform. Cisco...
CVE-2020-26583
An issue was discovered in Sage DPW 202006x before 202006002. It allows unauthenticated users to upload JavaScript in a file via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include...
Cisco IOS XE Software Arbitrary Code Execution Vulnerability (cisco-sa-xbace-OnCEbyS)
According to its self-reported version, Cisco IOS XE Software is affected by a arbitrary code execution vulnerability, due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An authenticated, local attacker could exploit this vulnerability by installing...
CVE-2020-3513
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3416
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3417
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
Design/Logic Flaw
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
Design/Logic Flaw
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...
Anghami - Persistent Input Validation Vulnerability
Document Title: =============== Anghami - Persistent Input Validation Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2144 View Video: https://www.youtube.com/watch?v=7CnXLxs6CXo Release Date: ============= 2018-08-27 Vulnerability Laboratory ID VL-ID:...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 62.0.3202.74 Platform version: 9901.54.0/1 for most Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days. New Features Kerberos SSO integration for Active Directory...
OnePlus 3/3T open up an ADB session without authorization (CVE-2017-5622)
Last month we published CVE-2017-5626 patched in OxygenOS 4.0.2, a vulnerability which allowed attackers to effectively unlock a OnePlus 3/3T device without a factory reset. Combining this with our also discovered CVE-2017-5624 patched in OxygenOS 4.0.3 enabled a powerful attack against locked...
Privilege escalation
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5624
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2016-3173
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file e.g. an image which gets displayed at the portal application. Using script code at the file name leads t...