Lucene search

7877 matches found

WPVulnDB
added 2022/08/08 12:0 a.m. | 17 views

Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: Navigate to style settings:...

4.8 CVSS | 0.8 AI score | 0.00538 EPSS
Exploits: 2 | Affected Software: 1

WPVulnDB
added 2022/08/08 12:0 a.m. | 22 views

Testimonial Builder < 1.6.2 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

5.4 CVSS | 2.9 AI score | 0.00472 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2022/08/05 4:15 p.m. | 2 views

CVE-2022-36840

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code...

7.8 CVSS | 6 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

NVD
added 2022/08/05 4:15 p.m. | 26 views

CVE-2022-36840

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code...

7.8 CVSS | 0.00179 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2022/08/05 4:15 p.m. | 2 views

CVE-2022-36840

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code...

7.8 CVSS | 6 AI score | 0.00179 EPSS
Exploits: 0 | References: 3

Prion
added 2022/08/05 4:15 p.m. | 21 views

Code injection

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code...

4.4 CVSS | 7.9 AI score | 0.00179 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/05 3:18 p.m. | 37 views

CVE-2022-36840

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code...

4.5 CVSS | 8.1 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

CVE
added 2022/08/05 3:18 p.m. | 64 views

CVE-2022-36840

Samsung Update Setup is affected by a DLL hijacking vulnerability in versions prior to 2.2.9.50, enabling arbitrary code execution. The issue stems from the DLL search/loading behavior in the installer/update component. Impact is system compromise with local attack vector; no exploitation details...

7.8 CVSS | 7.8 AI score | 0.00179 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/08/05 12:0 a.m. | 4 views

SAMSUNG Mobile devices Code Issue Vulnerability

SAMSUNG Mobile devices are a range of mobile devices, including cell phones and tablets, from South Korea's Samsung. A security vulnerability exists in SAMSUNG Mobile devices Samsung Update Setup prior to version 2.2.9.50, which stems from a DLL hijacking vulnerability that can...

7.8 CVSS | 7.7 AI score | 0.00179 EPSS
Exploits: 0 | References: 3

Code423n4
added 2022/08/05 12:0 a.m. | 8 views

Manager can drain vault by taking flashloan in unexpected currency

Lines of code Vulnerability details Impact Manager can drain vault Proof of Concept address fromCollateral = vaultsData.vaultCollateralTypevaultId; uint256 rebalanceValue = priceFeed.convertFromfromCollateral, rebalanceAmount; The source of the exploit is that the above lines wrongly assume that...

6.7 AI score
Exploits: 0

Code423n4
added 2022/08/03 12:0 a.m. | 14 views

Unprotested _setup function in XERC20Wrapper via Upgradable Contract

Lines of code Vulnerability details Impact If a caller calls the setup function and the address within the IMPLEMENTATIONSLOT does not equal zero, the function will call setup. The setup function changes the ownership of the contract. Proof of Concept The Upgradable contract has a setup function...

6.8 AI score
Exploits: 0

Code423n4
added 2022/08/02 12:0 a.m. | 9 views

XC20Wrapper.sol can be hijacked via Upgradable.sol#setup

Lines of code Vulnerability details Impact XC20Wrapper.sol can be hijacked at any time Proof of Concept function setupbytes calldata data external override // Prevent setup from being called on the implementation if implementation == address0 revert NotProxy; setupdata; function setupbytes callda...

6.9 AI score
Exploits: 0

ATTACKERKB
added 2022/08/01 1:15 p.m. | 3 views

CVE-2022-2278

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite...

4.8 CVSS | 5.9 AI score | 0.00493 EPSS
Exploits: 2 | References: 2

Prion
added 2022/08/01 1:15 p.m. | 16 views

Cross site scripting

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite...

4.3 CVSS | 4.8 AI score | 0.00493 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Citrix
added 2022/08/01 12:0 a.m. | 7 views

Citrix Provisioning Console communication error while running on Azure

The Citrix Provisioning Console fails to communicate with Azure after TLS 1.0 has been disabled. This prevents the use of CVAD Setup Wizard or power management in Azure using the Citrix Provisioning Console or Citrix Provisioning PowerShell interfaces. This affects all versions of Citrix...

7.1 AI score
Exploits: 0

OSV
added 2022/07/31 2:56 p.m. | 11 views

GSD-2022-1004937 xtensa: xtfpga: Fix refcount leak bug in setup

xtensa: xtfpga: Fix refcount leak bug in setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.321 by commit...

7.2 AI score
Exploits: 0

OSV
added 2022/07/31 2:51 p.m. | 7 views

GSD-2022-1004888 xtensa: xtfpga: Fix refcount leak bug in setup

xtensa: xtfpga: Fix refcount leak bug in setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.286 by commit...

7.2 AI score
Exploits: 0

OSV
added 2022/07/31 2:46 p.m. | 10 views

GSD-2022-1004826 xtensa: xtfpga: Fix refcount leak bug in setup

xtensa: xtfpga: Fix refcount leak bug in setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.250 by commit...

7.2 AI score
Exploits: 0

OSV
added 2022/07/31 2:37 p.m. | 10 views

GSD-2022-1004740 xtensa: xtfpga: Fix refcount leak bug in setup

xtensa: xtfpga: Fix refcount leak bug in setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.202 by commit...

7.2 AI score
Exploits: 0

OSV
added 2022/07/31 2:26 p.m. | 6 views

GSD-2022-1004623 xtensa: xtfpga: Fix refcount leak bug in setup

xtensa: xtfpga: Fix refcount leak bug in setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.127 by commit...

7.2 AI score
Exploits: 0