335 matches found
CVE-2024-0020
In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is...
Code injection
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences...
Information disclosure
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't...
CVE-2023-46785
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...
Sql injection
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-30214 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the id parameter of the "partner preference.php" resource does not validate the characters received and they a...
CVE-2023-21390
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21390
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21390
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21390
CVE-2023-21390 is described across multiple sources as a permission bypass in the Android environment related to a component labeled as Sim, allowing evasion of mobile-preference restrictions and enabling local privilege escalation without requiring extra execution privileges. Exploitation is rep...
CVE-2023-5173
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic possibly under influence of a local unprivileged webpage, leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowin...
CVE-2023-40176 SXSS in the user profile via the timezone displayer
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...
GHSA-H8CM-3V5F-RGP6 XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
Impact Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down no free text value it can still be set from JavaScript using the browser developer tools or b...
WordPress ActiveCampaign Email Preference Center Plugin < 2.0.12 is vulnerable to Cross Site Scripting (XSS)
Software ActiveCampaign Email Preference Center Type Plugin Vulnerable versions 2.0.12 Fixed in 2.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ae883cf0c33 Credits Rafie...
WordPress Universal email preference center Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Universal email preference center Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bbcdce37fcfa Credits Rafie Muhammad...
CVE-2023-29758
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...
CVE-2023-29758
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...
PT-2023-22405 · Unknown · Blue Light Filter
Name of the Vulnerable Software and Affected Versions: Blue Light Filter version 1.5.5 Description: The issue allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. This can lead to a denial of service. Recommendations: For Blue Light Filter...
Facemoji Emoji Keyboard 安全漏洞
Facemoji Emoji Keyboard is a free AI smart chatgbt Cool custom keyboard font from Facemoji. A security vulnerability exists in Facemoji Emoji Keyboard version v.2.9.1.2 that originates from a denial of service via a SharedPreference file...