353 matches found
Employee Management System v1 - 'email' SQL Injection
Exploit Title: Employee Management System v1 - 'email' SQL Injection Google Dork: N/A Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
CVE-2022-23084
The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...
Design/Logic Flaw
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
PYSEC-2024-37
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
NoneBot Potential Information Leak in User-Constructed Message Templates
Impact This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches The identified vulnerability has been remedied in fix 2509 and will be included in...
CVE-2024-20253
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory...
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 CVSS score: 9.9, the issue stems...
Privilege Escalation
craftcms/cms is vulnerable to Privilege Escalation. The vulnerability is due to the actionSave function within ElementsController.php, because there are no checks for save permissions before and after applying POST params to the element, as well as the actionSaveUser function within...
Cross Site Scripting
Microweber is vulnerable to Cross-site Scripting XSS .The vulnerability is due to not sanitizing user provided types and title fields during web page generation. This may lead to an attacker injecting malicious scripts that are executed by the victim's browser by sending a crafted URL that reflec...
nodejs: process interuption due to invalid Public Key information in x509 certificates
A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...
CVE-2023-40847
Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check...
Pool address predictability creates many problems
Lines of code Vulnerability details Impact The Aquifer.boreWell function is responsible for creating new Well. This is done using the LibClone.cloneDeterministic function. The address of the new Well depends solely on the salt and/or immutableData parameter provided by the user. Once a user creat...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
When deploying contracts in PermissionedNodeRegistry.deployWithdrawVault(), PermissionlessNodeRegistry.deployWithdrawVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address
Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...
CVE-2023-2703
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07...