4 matches found
CVE-2023-53847 usb-storage: alauda: Fix uninit-value in alauda_check_media()
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media(). Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0...
PT-2023-10131 · Unknown · Peel Filebroker
Name of the Vulnerable Software and Affected Versions: peel filebroker (affected versions not specified). Description: A critical vulnerability was found in peel filebroker, affecting the select_transfer_status_desc function of the file lib/common.rb. The issue leads to SQL injection. This...
RETURN STATEMENT OF THE transferFrom FUNCTION ALWAYS RETURNS TRUE EVEN IF THE TRANSFER FAILED. IF IT RETURNS TRUE FOR ALL TRANSACTIONS IT WILL CAUSE A PROBLEM AND LOSS OF AMOUNT
Lines of code. Vulnerability details. Impact: Whenever we call the transferFrom function, it returns true even if the transfer failed. So, per the function, we think the transfer succeeded. But in reality that transfer may or may not have failed. We don't get the exact status of the transfer. Proof of...
QIWI: [contact-sys.com] XSS /ajax/transfer/status trn param
Vulnerable script: https://contact-sys.com/ajax/transfer/status Vulnerable parameter: trn. Incorrect content-type. A normal payload is blocked by the WAF. PoC html XSS" / document.getElementById"xss".submit; HTTP Request http POST /ajax/transfer/status HTTP/1.1 Host: contact-sys.com User-Agent:...