EUVD-2020-1921

Malware in sbrugna...

EUVD-2018-2387

Malware in sbrugna...

CVE-2020-35437

Subrion CMS 4.2.1 is affected by: Cross Site Scripting XSS through the avatarpath parameter in a POST request to the /core/profile/ URI...

CVE-2020-35437

Subrion CMS 4.2.1 is affected by: Cross Site Scripting XSS through the avatarpath parameter in a POST request to the /core/profile/ URI...

CVE-2020-0419

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVE-2020-0419

CVE-2020-0419 involves Android’s PackageInstallerSession.java, where generateInfo can leak cross-profile URI data during app installation due to a missing permission check. The issue affects Android 8.1–11 and is described as local information disclosure with no authentication or user interaction...

CVE-2020-0419

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

ASB-A-142125338

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

PT-2018-9820 · Wuzhi · Wuzhi Cms

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: The issue allows for persistent XSS via the form%5Bqq 10%5D parameter to the "/index.php?m=member&f=index&v=profile&set iframe=1" URI. This enables potential attackers to inject malicious scripts into the...