11967 matches found

CNVD
added 2022/04/15 12:0 a.m. | 38 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84606)

Microsoft Windows is a set of operating systems for personal devices from the U.S. company Microsoft. A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...

8.5 CVSS | 6.7 AI score | 0.02173 EPSS
Exploits: 0 | References: 1

Code423n4
added 2022/04/13 12:0 a.m. | 13 views

JPEGLock.lockFor can relock for specific nft, which overwrites previous lock and cause JPEG loss of the locker

Lines of code Vulnerability details Impact NFTVault contract allows anyone to finalize a pending NFT value proposal by calling the finalizePendingNFTValueETH function. A finalizer must lock an equivalent amount of JPEG tokens to the proposed NFT value in JPEGLock, and can only withdraw those toke...

6.7 AI score
Exploits: 0

CNVD
added 2022/04/13 12:0 a.m. | 15 views

WordPress One Click Demo Import Plugin File Upload Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. The WordPress One Click Demo Import plugin has a file upload vulnerability, which originates from the fact that the plugin does not validate the importe...

7.2 CVSS | 2 AI score | 0.01674 EPSS
Exploits: 2 | References: 1

Cvelist
added 2022/04/12 4:29 p.m. | 11 views

CVE-2022-28396

...

Exploits: 0

Openbugbounty
added 2022/04/12 3:0 a.m. | 14 views

szcodos.ecer.com Cross Site Scripting vulnerability OBB-2498061

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

wpexploit
added 2022/04/11 12:0 a.m. | 130 views

Fast Flow < 1.2.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting ' document.form1.submit;...

6.1 CVSS | 0.4 AI score | 0.00876 EPSS
Exploits: 2

wpexploit
added 2022/04/11 12:0 a.m. | 121 views

Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting

The plugin does not properly sanitize the $GET'imageurl' variable, which is reflected back to the users when executing the editimagebwg AJAX action. var form1 = document.getElementById'hack'; form1.submit;...

6.1 CVSS | 0.5 AI score | 0.00847 EPSS
Exploits: 2 | References: 1

Exploit DB
added 2022/04/11 12:0 a.m. | 361 views

Razer Sila - Local File Inclusion (LFI)

Exploit Title: Razer Sila - Local File Inclusion LFI Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...

7.4 AI score
Exploits: 0

Cvelist
added 2022/04/09 12:48 a.m. | 11 views

CVE-2022-27149

...

Exploits: 0

Packet Storm
added 2022/04/08 12:0 a.m. | 475 views

E-Commerce Website 1.1.0 Shell Upload

Full-Ecommece-Website-Slides-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description = Upload web shell at Slides in admin panel Steps to Reproduce Login to admin - Slides - upload web shell - Submit Exploit Upload web shell at Slides When upload success access...

8.9 AI score | 0.02539 EPSS
Exploits: 3

Code423n4
added 2022/04/06 12:0 a.m. | 9 views

onlyBurner modifier missing

Lines of code Vulnerability details Impact onlyBurner modifier is missing in burn function. Since it is a public function anyone can burn FEI tokens. Proof of Concept Tools Used Manual analysis Recommended Mitigation Steps Add onlyBurner modifier to the burn function. --- The text was updated...

6.8 AI score
Exploits: 0

OSV
added 2022/04/01 12:0 a.m. | 7 views

ASB-A-213239835

Bulletin has no description...

8.4 CVSS | 7.2 AI score | 0.00159 EPSS
Exploits: 0 | References: 4

CNVD
added 2022/04/01 12:0 a.m. | 34 views

TotoLink EX300_v2 Cross-Site Scripting Vulnerability

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China. TotoLink EX300v2 version V4.0.3c.140B20210429 has a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1 CVSS | 3.6 AI score | 0.00631 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/03/31 12:0 a.m. | 13 views

JFinalOA SQL Injection Vulnerability

JFinalOA is an enterprise office system developed based on the JFinal framework. JFinalOA has a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL statements...

6.5 CVSS | 5.3 AI score | 0.0108 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/03/31 12:0 a.m. | 19 views

Jenkins Bitbucket Server Integration Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier versions are...

5.4 CVSS | 2.4 AI score | 0.00792 EPSS
Exploits: 0 | References: 1

CNVD
added 2022/03/30 12:0 a.m. | 21 views

WordPress Title Experiments Free Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. Versions of the WordPress Title Experiments Free plugin prior to 9.0.1 have a SQL injection vulnerability; the vulnerability stems from the use o...

9.8 CVSS | 2.6 AI score | 0.10352 EPSS
Exploits: 2 | References: 1

CNVD
added 2022/03/30 12:0 a.m. | 14 views

NVIDIA CUDA Toolkit SDK Integer Overflow Vulnerability

NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA Corporation. An integer overflow vulnerability exists in the NVIDIA CUDA Toolkit SDK that could be exploited by remote attackers to cause remote code execution,...

7.8 CVSS | 6.8 AI score | 0.02011 EPSS
Exploits: 0 | References: 1

Circl
added 2022/03/28 7:39 a.m. | 5 views

CVE-2021-26598

creationtimestamp | type | source
---|---|---
2022-03-28 07:39:42+00:00 | seen | https://t.me/cibsecurity/39617
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-26598.yaml
...

5.3 CVSS | 5.4 AI score | 0.10813 EPSS
Exploits: 6 | References: 2

CNVD
added 2022/03/25 12:0 a.m. | 19 views

WordPress Ninja Forms-File Uploads Extension Plugin Arbitrary File Uploads Vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...

9.8 CVSS | 2.7 AI score | 0.39393 EPSS
Exploits: 2 | References: 1

wpexploit
added 2022/03/23 12:0 a.m. | 81 views

Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Config Name, which could allow high privilege users, such as admin, to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Go to Hummingbird's Settings Configs edit the "Name and Description" and put the following...

4.8 CVSS | 4.9 AI score | 0.0282 EPSS
Exploits: 4