CVE-2023-37117

Removed by vendor...

The vulnerability of the BMP Logo Handler component in the BIOS AMI AptioV configuration tool allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the BMP Logo Handler component in the BIOS AMI AptioV setup tool involves the unlimited loading of dangerous files. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to the EventON Lite setting...

CVE-2023-5911

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

CVE-2024-0305

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may b...

Code injection

The current setup of the quarantine page tables assumes that the quarantine domain domio has been initialized with an address width of DEFAULTDOMAINADDRESSWIDTH 48 and hence 4 page table levels. However domio being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum hot...

CVE-2023-46835

The current setup of the quarantine page tables assumes that the quarantine domain domio has been initialized with an address width of DEFAULTDOMAINADDRESSWIDTH 48 and hence 4 page table levels. However domio being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum hot...

WP Chat App < 3.4.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

RAID Technology and the importance of disk encryption in data security

Introduction Recently we were engaged by a client experiencing a potential data leak incident. Amidst their expansion, they were constructing a new data centre. Due to pressing business needs, they accelerated the setup of part of their infrastructure. This urgency led to them setting up a Domain...

Code injection

When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allo...

Genie Aladdin Connect garage door opener Cross-site scripting vulnerability

Genie Aladdin Connect garage door opener is a garage door opener from Genie. A security vulnerability exists in the Genie Aladdin Connect garage door opener Retrofit-Kit Model ALDCM that stems from a cross-site scripting XSS vulnerability on the Garage Door Control Module Setup page...

PT-2024-14839 · Genie Company · Aladdin Connect

Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Retrofit-Kit Model ALDCM affected versions not specified Description: Unauthenticated access is permitted to the web interface page "Garage Door Control Module Setup" of The Genie Company Aladdin Connect...

Cross site scripting

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-51135

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup...

TOTOLINK X2000R 安全漏洞

TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a buffer overflow vulnerability that originates from the failure of the formPasswordSetup function to properly validate the length and size of the input data, which can be exploited by an...

FreeSWITCH 1.10.10 Denial Of Service Vulnerability

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...

Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Form Customizer: 1. Navigate to...

CVE-2023-51443 FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

UBUNTU-CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

Cross site scripting

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...