42 matches found
PUB-A-384692949
Bulletin has no description...
ASB-A-416527351
Bulletin has no description...
CGA-XHM3-449C-M267
Bulletin has no description...
MINI-698G-W7QP-6R65
Bulletin has no description...
CGA-286W-X6R9-WG7Q
Bulletin has no description...
Synchronic Web Digital Identity: Speculations on the Art of the Possible
As search, social media, and artificial intelligence continue to reshape collective knowledge, the preservation of trust on the public infosphere has become a defining challenge of our time. Given the breadth and versatility of adversarial threats, the best--and perhaps only--defense is an equall...
PHP Exec, PHP Command Shell, Bind TCP (via Perl)
Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent Module Options msf use payload/cmd/unix/php/bindperl msf payloadbindperl show actions ...actions... msf payloadbindperl set ACTION msf payloadbindperl show options ...show and set options...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnec...
CVEs
It is...
CVE-2024-50184
In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtiopmemflush, causing the system to hang. So add a status check in the beginning o...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-29897
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...
GHSA-6W4Q-23CF-J9JP parse-server's session object properties can be updated by foreign user if object ID is known
Impact A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object. Note that assigning a session t...
CVE-2022-20352
In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...
WordPress WPQAs plugin authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress WPQAs plugin versions prior to 5.2 are vulnerable to an authorization issue that stems...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T297543, CVE-2022-28202 Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete. T297571, CVE-2022-28201 Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki. T297731, CVE-2022-28203 Requestin...
Wipro Holmes Orchestrator 20.4.1 File Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38283 import requests as rq import argparse import...
Exploit for Cross-site Scripting in Apple Safari
CVE-2017-7089 Impact: Processing maliciously crafted web...
Yelp: Requesting Show CheckIn Alert for Non Friend User
During analysis it was observed that I was able to request "ShowCheck In Alert" Request for non friend user. I performed this application from Mobile application. Below are the steps we have to carry to achieve this: Logged in to Yelp Mobile Application Visit any added friend and click on...
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd Exploit Title: D-Link DSL-2730B Modem dnsProxy.cmd Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 an...