Laundry System Cross-Site Request Forgery Vulnerability
Laundry System is a laundry system. The Laundry System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could exploit this vulnerability to spoof a malicious reque...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to circumvent a security measure or execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Foxit PDF Editor for Mac < 12.1.1 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 12.1.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit...
CVE-2023-34475
A heap use-after-free vulnerability was found in ImageMagick's ReplaceXmpValue function in MagickCore/profile.c. This flaw allows an attacker to trick a user into opening a specially crafted file to convert, triggering a heap use-after-free write error, and allowing an application to crash,...
SUSE CVE-2021-38508
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
CVE-2018-14520
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...
CVE-2022-34482
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
CVE-2020-9066
Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169C00E166R4P1 have an improper authentication vulnerability. The application does not perform proper authentication when a user performs certain operations. An attacker can trick a user into installing a malicious plug-in to exploit...
Microsoft Office Access Connectivity Engine Buffer Error Vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. Common components of the product include Word, Excel, Access, PowerPoint, FrontPage, etc. Office Access Connectivity Engine is one of its database connection engines. A remote code execution vulnerability...
HackerOne: Query parameter reordering causes redirect page to render unsafe URL
Hello HackerOne team, I want to report a bypass which leads to XSS, but limited only to IE due to the CSP block on Chrome. Here is the PoC: https://hackerone.com/redirect?signature=c9304cadaeabca0bfb7b92503c0318da5c42a86b&url=http%3A%2F%2Fbuglabs.me&url=JAVASCRIPT:alert%09document.domain...
Drupal Node Template Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. Node Template is a module that uses the structure and data of nodes as a template. A cross-site request forgery vulnerability exists in the Drupal Node Template module that allows a remote attacker to construct a maliciou...