7884 matches found
Linux kernel Security Vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from flaws in the handling of the SMB2_SESSION_SETUP and SMB2_LOGOFF commands, which lack proper locking when performing an operation on an...
PT-2023-7075
Name of the Vulnerable Software and Affected Versions Metabase open source versions prior to 0.46.6.1 Metabase Enterprise versions prior to 1.46.6.1 Description The issue allows attackers to execute arbitrary commands on the server at the server's privilege level without requiring authentication...
StandardizedToken can be setup multiple times by anyone. Causing unlimited mint by anyone.
Lines of code Vulnerability details Impact StandardizedToken can be setup multiple times by anyone. Causing unlimited mint by anyone. Proof of Concept function setupbytes calldata params external override onlyProxy address distributor; address tokenManager; string memory tokenName; tokenManager,...
AxelarGateway.sol: external setup function allow anyone to set governance_, mintLimiter_ and operator
Lines of code Vulnerability details Impact Anyone can call through the setup function and pass the params to set the mintlimiter, operator and governance. Proof of Concept As we can see in the above link, the setup function is called to set the mint limiter, operator and governance address. As per natsc...
InitProxy and Proxy may revert preventing successful init
Lines of code Vulnerability details Impact When InitProxy is constructed the owner is set to be the sender address so that the init function can only be called by the same sender address. If the init function is receiving a new owner, the implementation may revert during setup preventing proxy...
Linux Kernel ksmbd Session Setup Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of session...
Openfire authentication bypass with RCE plugin
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
Bubble Menu < 3.0.5 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). PoC 1. Click on the "Add new" tab...
XAMPP 8.2.4 - Unquoted Path Vulnerability
Exploit Title: XAMPP 8.2.4 - Unquoted Path Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com/ Steps to...
CVE-2023-21245
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
Code injection
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
The admin is a single point of failure and a centralization risk
Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Consider...
CVE-2023-21245
CVE-2023-21245 affects Google's Android Framework, specifically the showNextSecurityScreenOrFinish path in KeyguardSecurityContainerController.java. A logic error could allow access to the lock screen during device setup, enabling local elevation of privilege without user interaction. Exploitatio...
WordPress Plugin Metform Elementor Contact Form Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-18031 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: A logic error in the showNextSecurityScreenOrFinish function of KeyguardSecurityContainerController.java allows access to the lock screen during device setup. This could lead to local...
PT-2023-25880 · Pimcore · Pimcore Admin Classic Bundle
Name of the Vulnerable Software and Affected Versions: Pimcore Admin Classic Bundle versions prior to 1.0.3 Description: The issue allows for unauthenticated HTML injection or cross-site scripting (XSS), affecting admins who have not set up two-factor authentication. This can cause the application ...
CVE-2023-3225
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-32250
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...
DEBIAN-CVE-2023-32250
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...