35 matches found
WeiPHP 5.0 - Path Traversal
WeiPHP 5.0 contains a path traversal caused by insufficient input validation of the picUrl parameter in /public/index.php/material/Material/downloadimgage, letting unauthenticated remote attackers read arbitrary files. id: CVE-2025-34045 info: name: WeiPHP 5.0 - Path Traversal author: pikpikcu...
CVE-2025-55849
CVE-2025-55849 involves WeiPHP v5.0 and earlier, where a SQL injection is reported in SucaiController.class.php and the cancelTemplatee function. The CVSS 3.1 base metrics indicate a HIGH impact with local attack vector, no privileges or user interaction required, and full confidentiality/integri...
bigint-buffer 安全漏洞
bigint-buffer is a buffer utility program by the individual developer Michael Wei. A security vulnerability exists in bigint-buffer that stems from a buffer overflow in the toBigIntLE function, which could cause the application to crash...
CVE-2022-48970
In the Linux kernel, the following vulnerability has been resolved: afunix: Get userns from inskb in unixdiaggetexact. Wei Chen reported a NULL deref in skuserns 01, and Paolo diagnosed the root cause: in unixdiaggetexact, the newly allocated skb does not have sk. 2 We must get the userns from th...
CVE-2022-48970
CVE-2022-48970 : In the Linux kernel, a NULL pointer dereference in af_unix handling can occur when unix_diag_get_exact() processes a netlink message because a newly allocated skb may not have skb->sk. The root cause is that unix_diag_get_exact() must obtain the user namespace from the NETLINK...
CVE-2022-48970 af_unix: Get user_ns from in_skb in unix_diag_get_exact().
In the Linux kernel, the following vulnerability has been resolved: afunix: Get userns from inskb in unixdiaggetexact. Wei Chen reported a NULL deref in skuserns 01, and Paolo diagnosed the root cause: in unixdiaggetexact, the newly allocated skb does not have sk. 2 We must get the userns from th...
Congratulations to the Top MSRC 2024 Q2 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen,...
Congratulations to the Top MSRC 2023 Q4 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q4 Security Researcher Leaderboard are Yuki Chen,...
wei-chih.com Improper Access Control vulnerability OBB-3815624
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
DeepTraffic - Deep Learning Models For Network Traffic Classification
For more information please read our papers. Wei Wang's Google Scholar Homepage Wei Wang, Xuewen Zeng, Xiaozhou Ye, Yiqiang Sheng and Ming Zhu,"Malware Traffic Classification Using Convolutional Neural Networks for Representation Learning," in the 31st International Conference on Information...
_harvest and _swap
Handle tensors Vulnerability details Impact The minimum amount out on the implemented harvest and swap methods means that attackers can manipulate the price with flashloans/frontrun before calling harvest to actually force the output to be small, pocketing the difference for themselves when they...
CVE-2021-30172 Jun-He Technology Ltd. Quan-Fang-Wei-Tong-Xun system - Reflected XSS
Special characters of picture preview page in the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out Reflected XSS Cross-site scripting attacks, additionally access and manipulate customer’s...
CVE-2021-30172
CVE-2021-30172 affects the Jun-He/Quan-Fang-Wei-Tong-Xun system: special characters on the image preview page input are not filtered, enabling a remote authenticated attacker to inject JavaScript via reflected XSS and access/manipulate customer information. Connected sources confirm the XSS vecto...
Weiphp SQL注入漏洞
weiphp is an open source, efficient and simple microsoft development platform. A SQL injection vulnerability exists in the wpwhere function in WeiPHP 5.0. No detailed vulnerability details are provided at this time...
File inclusion vulnerability in WeiPHP Ad***.cl***.php file at Shenzhen Yuanmeng Cloud Technology Co.
WeiPHP is an open source WeChat public platform development framework, can easily build a personal WeChat public account operation platform. Shenzhen Yuanmeng Yun Technology Co., Ltd WeiPHP Ad.cl.php file file contains a file inclusion vulnerability, which can be exploited by an attacker to gain...
WeiPHP has an XSS vulnerability
WeiPHP is an open source WeChat public platform development framework, can easily build a personal WeChat public account operation platform. WeiPHP has an XSS vulnerability. An attacker can exploit this vulnerability to execute malicious scripts and obtain administrator cookies...
WeiPHP 5.0beta frontend has an override access vulnerability
WeiPHP is an open source WeChat public platform development framework, can easily build a personal WeChat public account operation platform. WeiPHP5.0beta front-end has an override access vulnerability. The vulnerability stems from the user operation does not verify the identity, the attacker can...
Denial of Service Vulnerability in NSecKrnl32 Driver of Wei-Eye Computerized Supervisory System of Shandong Anzai Information Technology Co.
PowerEye Computer Supervision System is a professional company computer monitoring and LAN monitoring software. It monitors computer screens and also manages users' online behavior. The NSecKrnl32 driver of Shandong Anzai Information Technology Co., Ltd. has a denial of service vulnerability that...
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.5. Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause...
USN-3504-1 libxml2 vulnerability
Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service...