File upload vulnerability in the teaching resources service management platform of Wuhan Dongxin Tongbang Information Technology Co.

Teaching Resources Service Management Platform is a system based on B/S architecture, adopting the concept of multi-level platform design, with the core functions of educational resources aggregation, categorization and storage, regional sharing, etc., and supporting activities such as remote...

Design/Logic Flaw

In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

Uber: [experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools

A configuration file on experience.uber.com exposed details for the server configuration as well as information about the content hosted on the site. The site itself did require authentication to log in, but this config file was publicly accessible. Other accessible URLs included slide deck...