7876 matches found
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
SpringCloud-Gateway Command Execution Vulnerability CVE-2022...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
SpringCloud-Gateway Command Execution Vulnerability CVE-2022...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a lack of privilege checks in Traceur that could bypass developer setup requirements to capture system traces. An attacker could exploi...
Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover
The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value to...
CVE-2022-0738
CVE-2022-0738 affects GitLab releases prior to fixed versions: 14.6.5, 14.7.4, and 14.8.2. Under specific conditions, adding mirrors with SSH credentials causes GitLab to leak user passwords. Concrete details across connected sources confirm the affected version ranges and the vulner...
CVE-2021-27428
GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of the firmware file before uploading to the UR IED. An illegitimate user could upgrade firmware without...
CVE-2021-27428 GE UR family Unrestricted Upload of File with Dangerous Type
GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of the firmware file before uploading to the UR IED. An illegitimate user could upgrade firmware without...
Cross-site request forgery (CSRF)
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7dbeditscrfiledelete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the...
Exploit for Improper Initialization in Linux Linux_Kernel
pwncatdirtypipe (asciicast: https://asciinema.org/a/UGXf1HI...)
Mip22 - An Advanced Phishing Tool
The program is made for educational purposes only, to see how the phishing method works. Any unnecessary use of the program is prohibited and the manufacturer has no responsibility for any illegal use by anyone. Use the tool at your own risk and avoid any sloppy actions. Installation...
CVE-2021-39692
In onCreate of SetupLayoutActivity.java, there is a possible way to set up a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product:...
A vulnerability in the Windows Setup application installation process allows an attacker to escalate their privileges.
A vulnerability in the Windows Setup application’s installation service is related to improper link resolution before file access. Exploiting this vulnerability can allow an attacker to escalate their privileges...
PT-2022-18174 · Arris · Arris Tr3300
Name of the Vulnerable Software and Affected Versions: Arris TR3300 version 1.0.13 Description: The issue is related to a command injection vulnerability in the wps setting function. This vulnerability is exploited via the wps enrolee pin parameter, allowing attackers to execute arbitrary command...
CVAD Setup Wizard Fails To Complete When Using Citrix Cloud - Index Was Out Of Range
Running the Provisioning Services CVAD Setup Wizard to create or add new machines to a Citrix Cloud catalog fails to create the devices. Upon clicking finish, after specifying wizard parameters, the wizard closes and the following error appears: Error: Index was out of range. Must be non-negative...
CVE-2022-26778
Veritas System Recovery VSR 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user who has sufficient privileges to access a network file system that they were not authorized to access...
CVE-2022-25214
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated...
Improper access control
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated...
CVE-2022-24932
Improper Protection of Alternate Path vulnerability in the Setup wizard process prior to SMR Mar-2022 Release 1 allows a physical attacker to install packages before finishing the Setup wizard...