11967 matches found
Reddit: Open Redirect on www.redditinc.com via `failed` query param
Hello dear support, I have found the issue on https://www.redditinc.com/ama. HTTP request: POST /ama HTTP/1.1 Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw Cookie:...
Protected: 5 Reasons Every Small Business Needs An Employee App
By Owais Sultan. There is no excerpt because this is a protected post. This is a post from HackRead.com. Read the original post: Protected: 5 Reasons Every Small Business Needs An Employee App...
Exploit for CVE-2021-34527
CVE-2021-34527mitigation Mitigation for CVE-2021-34527 RCE b...
OpenEMR 5.0.1.7 - (fileName) Path Traversal (Authenticated) Exploit (2)
Title: OpenEMR 5.0.1.7 - 'fileName' Path Traversal Authenticated 2; Exploit author: noraj Alexandre ZANNI for SEC-IT http://secit.fr; Exploit source: https://github.com/sec-it/exploit-CVE-2019-14530; Vendor Homepage: https://www.open-emr.org/; Software Link:...
UVI-2021-1000926 net: ethernet: fix potential use-after-free in ec_bhf_remove
net: ethernet: fix potential use-after-free in ec_bhf_remove. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.128 by commit...
GSD-2021-1000852 bonding: init notify_work earlier to avoid uninitialized use
bonding: init notify_work earlier to avoid uninitialized use. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.237 by commit...
Unauthorized Access Vulnerability in Multiple Printers at Ricoh (China) Investment Co.
Ricoh China Investment Co., Ltd. provides services and solutions such as document output management services and IT solutions, as well as office image processing equipment (e.g., MFPs, printers, etc.), production digital printers, and more. An unauthorized access vulnerability exists in multiple printe...
GSD-2021-1000763 efi/libstub: prevent read overflow in find_file_option()
efi/libstub: prevent read overflow in find_file_option(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit...
Unauthorized Access Vulnerability in Epson (China) Limited L6190 Series
Epson China Co., Ltd., established in 1998 and headquartered in Beijing, is responsible for overseeing Epson's investment and business development in China. An unauthorized access vulnerability exists in the Epson China Limited L6190 Series, which can be exploited by attackers to obtain sensitive...
CVE-2021-3526
...
Repository credentials passed to alternate domain
While working on the Helm source, a Helm core maintainer discovered a situation where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Impact: The index.yaml within a Helm chart repository contains a...
Missing Authentication for Critical Function
The vulnerability allows an attacker to substitute or modify packages retrieved from BC, thus allowing injection of malicious code into Ballerina executables...
ICE Hrm 29.0.0.OS - (Account Takeover) Cross-Site Request Forgery (CSRF) Vulnerability
Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF; Exploit Author: Piyush Patil & Rafal Lykowski; Vendor Homepage: https://icehrm.com/; Version: 29.0.0.OS; Tested on: Windows 10 and Kali. Description: ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...
Linux/x86 Custom Shellcode ASCII And-Sub Encoder
Title: Linux/x86 - Custom Shellcode ASCII And-Sub Encoder; Date: 29.03.2021; Author: Xenofon Vassilakopoulos; github: https://github.com/xen0vas/ASCII-AND-SUB-Encoder; gcc -m32 sub.c -o sub; Usage: ./sub -s \x41\xff\x41\x41 -b \x0a\x0d\x2f\x3a\x3f\x40\x80\x81\x82 ...
OSV-2021-861 Use-of-uninitialized-value in jxl::N_AVX2::FloatToRGBA8
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35231 Crash type: Use-of-uninitialized-value. Crash state: jxl::N_AVX2::FloatToRGBA8 jxl::FinalizeImageRect jxl::ThreadPool::RunCallStatejxl::FinalizeFrameDecoding...
CVE-2020-12992
...
CVE-2020-12989
...
CVE-2020-12978
...
CVE-2020-12924
...
CVE-2020-12896
...