40 matches found
PySpur 安全漏洞
PySpur is a visual playground for agent workflows in PySpur open source: iterate through agents 10x faster. A security vulnerability exists in PySpur 0.1.18 and earlier versions, which stems from improper neutralization of special elements of the template engine due to incorrect manipulation of t...
The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats
A new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app...
Change display message for users when trying to access a resource that is in maintenance
Change display message for users when trying to access a resource that is in maintenance mode...
PT-2024-2791 · Microsoft · Azure Private 5G Core
Name of the Vulnerable Software and Affected Versions: Microsoft Azure Private 5G Core affected versions not specified Description: The issue is related to improper input validation in the InitialUEMessage processing, which can lead to a denial-of-service condition. This can be exploited by a...
CVE-2023-40113
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40113
CVE-2023-40113 affects the Android platform (System component) and stems from a missing permission check that allowed apps to access cross‑user message data. This enables local information disclosure without extra privileges or user interaction. Public details in the provided documents are limite...
CVE-2023-40113
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40113
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
msgpacker security vulnerability
msgpacker is a fast MessagePack NodeJS/JavaScript implementation. A security vulnerability exists in versions of msgpacker prior to 1.10.1, which stems from the fact that when decoding a user-supplied MessagePack message, an attacker can craft the message in such a way that the decoder triggers...
Login using Okta shows the message "It doesn't look like you have any apps/desktops"
When Okta authentication is used to login for Citrix Cloud, user don't see application or desktop. Instead they get the message: "It doesn't look like you have any apps/desktops"...
PhpWhois 跨站脚本漏洞
PhpWhois is a Whois library containing Php by Spanish individual developer David Saez Padros. A cross-site scripting vulnerability exists in PhpWhois, which originates in the file example.php, where the exit function will terminate the script and print a message to the user. No detailed...
Stored Cross-site Scripting Vulnerability in CupCMS User Message Boards
CupCMS is a content management system that integrates video, stars, news, comics, community and more. A stored cross-site scripting vulnerability exists in CupCMS user message boards, which can be exploited by attackers to obtain an administrator cookie...
Microsoft Windows - WizardOpium Local Privilege Escalation
Microsoft Windows - WizardOpium Local Privilege Escalation include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx,...
SQL Injection Vulnerability in zzcms 8.2 user/msg.php File
zzcms is an enterprise website builder program It is an enterprise website builder program. An SQL injection vulnerability exists in the user/msg.php file of zzcms version 8.2, which can be exploited by attackers to access or modify database information...
Dominant Creature BBG/RPG Browser Game Cross Site Scripting
=================================================================================== Dominant Creature BBG/RPG browser game XSS vulnerabilities =================================================================================== Exploit Title: Dominant Creature BBG/RPG browser game XSS...
CVE-2009-3060
Multiple cross-site scripting XSS vulnerabilities in Joker Board aka JBoard 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the notice parameter to editform.php, 2 the editusermessage parameter to core/editusermessage.php, or 3 the usertitle parameter to...
CVE-2004-2317
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access...
Discuz! 2.0/3.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9584/info It has been reported that Discuz! is prone to an Cross Site Scripting vulnerability. This issue is caused by the application failing to properly sanitize links embedded within user messages. Upon successful exploitation of this issue, a maliciou...
Anyone can read all XOOPS private messages
www.phpsecure.org advisory. In french : http://www.phpsecure.org/?zone=pComment&d=101 By valdeux Publiacted on december, 13th 2002 As most part of PHP CMS, XOOPS allows users to send and receive Private Messages PMs, that are saved on the DataBase. We found how all messages are readable. And sure...
Insecure handling of notes in Slashcode
Security Advisory - September 9, 2001 plastic.com's Slashcode Overview: The implementation of private notes on plastic.com's Slashcode-driven site is insecure. Any logged in user can view any message in the system. Description: After logging into the site as a user,...