JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

hackerone

U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████

Hi team, I found a reflected XSS via search query on ████████ that allows an attacker to execute JavaScript code in the victim's browser. PoC 1- Doing subdomain enumeration of ██████████, I found the following one: ████████ 2- On the search query I saw that is injecting inside an h6 HTML tag:...

7.4 AI Score

2024-03-26 04:32 PM
18
osv

Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

Denial of service of Minder Server from maliciously crafted GitHub attestations in...

5.3 CVSS

5.2 AI Score

0.0004 EPSS

2024-06-05 03:10 PM
1
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Fit2Cloud Jumpserver

CVE-2023-42820 CVE-2023-42820 Vulnerability description: JumpServer password reset vulnerability...

8.2 CVSS

8.3 AI Score

0.0005 EPSS

2023-10-10 06:32 AM
436
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4Pot A honeypot for the Log4Shell vulnerability...

8.7 AI Score

2021-12-15 10:30 PM
424
githubexploit

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty

CVE-2024-31497 POC This vulnerability exploits the biased...

5.9 CVSS

5.6 AI Score

0.002 EPSS

2024-05-10 02:30 PM
184
github

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....

8.8 CVSS

6 AI Score

0.038 EPSS

2021-03-29 08:58 PM
30
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Activemq

honeypot.rs Honeypot that scopes [CVE-2023-46604 (Apache...

7.3 AI Score

2024-05-29 02:56 PM
61
osv

In Bluetooth SMP, there is a possible out of bound read of size one due to improper input validation.

In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.5 AI Score

0.0004 EPSS

2024-03-01 12:00 AM
6
githubexploit

7.5 CVSS

7.7 AI Score

0.013 EPSS

2024-06-10 12:42 PM
174
githubexploit

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-21882 win32k LPE bypass...

7.8 CVSS

8.2 AI Score

0.001 EPSS

2022-01-27 03:44 AM
392
cvelist

CVE-2023-41805 Broken Access Control vulnerability in multiple Brainstorm Force plugins

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites. This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

6.5 CVSS

0.0004 EPSS

2024-06-19 12:25 PM
3
osv

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

8.1 CVSS

4.7 AI Score

0.001 EPSS

2024-06-05 03:30 PM
2
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Activemq

Technical Summary of the Attack: CVE-2023-46604 The script exploits...

10 CVSS

6.9 AI Score

0.931 EPSS

2024-05-31 12:38 AM
56
nessus

VMware Carbon Black Cloud Endpoint Standard Installed (macOS)

VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote macOS...

1.3 AI Score

2020-03-04 12:00 AM
15
veracode

Deserialization Of Untrusted Data

illuminate/cookie is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure cookie encryption and serialization logic, which allows attackers to potentially decrypt or manipulate cookie data, resulting in arbitrary code...

7.5 AI Score

2024-05-20 08:36 AM
3
githubexploit

Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...

8.3 CVSS

7.7 AI Score

0.002 EPSS

2023-08-05 06:56 PM
181
veracode

Out-of-bounds Read

libxpm is vulnerable to Out-of-bounds Read. The vulnerability is due to insufficient validation, incorrect handling of input data of buffer sizes within XpmCreateXpmImageFromBuffer function. This flaw allows an attacker to trigger an out-of-bounds read error via specially crafted input and read...

5.5 CVSS

6.4 AI Score

0.0004 EPSS

2023-11-30 08:01 PM
6
veracode

Out-of-Bounds Write

grub2 is vulnerable to Out-of-Bounds Write. The vulnerability allows an attacker to execute arbitrary code or bypass secure boot protection by presenting a specially crafted NTFS filesystem...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-10-08 10:49 PM
12
veracode

Out-of-Bounds Write

xwayland is vulnerable to Out-of-Bounds Write. An attacker could exploit this vulnerability by crafting a malicious X11 message that would cause the Xorg X11 server to write data outside of the bounds of a buffer which would allow the attacker to crash the server or escalate...

7.8 CVSS

7.4 AI Score

0.001 EPSS

2023-10-28 12:48 AM
12
veracode

Out-of-bounds Write

qemu is vulnerable to Out-of-bounds Write. The vulnerability is due to the lack of proper bounds checking in the virtio_net_flush_tx function of QEMU's virtio-net device when certain guest features are enabled. This oversight allows for a stack-based buffer overflow, enabling a malicious user to...

5.3 CVSS

7 AI Score

0.0004 EPSS

2024-01-13 09:20 AM
12
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website Builder

WordPress Plugin - Elementor 3.6.0 3.6.1 3.6.2 Code execution from...

8.8 CVSS

7 AI Score

0.96 EPSS

2024-06-21 10:05 AM
103
veracode

Regular Expression Denial Of Service (ReDoS)

micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...

5.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-31 05:28 AM
6
osv

[Out of Bounds Write in attp_build_value_cmd in libbt-stack]

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

7.8 AI Score

0.0004 EPSS

2024-03-01 12:00 AM
9
osv

Potential Intent Redirection issue in SettingsActivity of Settings app

In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

8.8 CVSS

6.9 AI Score

0.001 EPSS

2023-03-01 12:00 AM
5
nextcloud

Can access comments and attachments of deleted cards

Description Impact A user with access to a deck board was able to access comments and attachments of already deleted cards. Patches It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1 Workarounds Disable Deck app References HackerOne...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-14 02:33 PM
3
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Python Requests

POC for CVE-2023-32681 This is a Python 3 implementation of...

6.1 CVSS

7.4 AI Score

0.001 EPSS

2023-07-22 05:24 AM
544
osv

Index-out-of-bounds in LibRaw::apply_tiff

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55722 Crash type: Index-out-of-bounds Crash state: LibRaw::apply_tiff LibRaw::parse_jpeg...

6.9 AI Score

2023-02-07 01:00 PM
3
veracode

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to the engine's lack of template size limits, which allows an attacker to execute a Denial of Service (DoS) attack by submitting maliciously crafted large...

5.3 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-23 06:41 AM
1
github

TCPDF vulnerable to Regular Expression Denial of Service

TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted...

5.9 AI Score

0.0004 EPSS

2024-04-19 06:31 PM
7
veracode

Out-of-Bounds Read

libxpm.so is vulnerable to Out-of-bounds Read. The vulnerability is due to a boundary condition, allowing a local user to trigger an out of bounds read error and read memory contents from the...

5.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-02-27 11:55 AM
7
veracode

Denial Of Service (DOS)

jwcrypto is vulnerable to Denial Of Service (DoS). The vulnerability is due to a missing upper bound check in the p2c header value (PBES2 count) which contains the PBKDF2 iteration count used in the PBKDF2 cryptographic key derivation function. The unbounded value can be exploited by an attacker...

5.3 CVSS

6.9 AI Score

0.0004 EPSS

2023-12-29 07:05 AM
11
metasploit

SMB Login Check Scanner

This module will test a SMB login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your...

7.2 AI Score

2017-10-09 09:01 PM
61
veracode

Regular Expression Denial Of Service (ReDoS)

tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...

6.7 AI Score

EPSS

2024-05-31 04:58 AM
3
githubexploit

Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware

CVE-2023-43261 - PoC Critical Vulnerability Exposes...

7.5 CVSS

7.9 AI Score

0.007 EPSS

2023-09-28 08:45 AM
122
veracode

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to a Denial of Service (DoS). The vulnerability is due to missing request size limits by the REST ingester when processing responses from remote REST endpoints, which allows an attacker to execute a Denial of Service attack by controlling a remote REST...

5.3 CVSS

7 AI Score

0.0004 EPSS

2024-05-21 07:56 AM
osv

read&write private files of apps without any permission

In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

3.3 CVSS

6.5 AI Score

0.0004 EPSS

2023-10-01 12:00 AM
4
osv

[Auto] [Bluetooth] Heap OOB write of 0x00 in SDP_AddAttribute

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

9.8 CVSS

7.6 AI Score

0.002 EPSS

2023-03-01 12:00 AM
13
github

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

Impact There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. References CVE-2024-35255 Patches https://github.com/traefik/traefik/releases/tag/v2.11.5 https://github.com/traefik/traefik/releases/tag/v3.0.3 Workarounds No...

5.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-20 04:20 PM
osv

Denial of service in Kubernetes in k8s.io/kubernetes

Denial of service in Kubernetes in...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-10 04:39 PM
veracode

Out-of-bounds Read

libXpm is vulnerable to Out-of-bounds Read. The vulnerability is caused due to a boundary condition that can be exploited to read contents of memory of the system. An attacker can trigger this out-of-bounds read error compromising confidentiality of the...

5.5 CVSS

6.8 AI Score

0.0004 EPSS

2023-11-30 08:01 PM
11
veracode

Out-of-bounds Write

X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused by the cursor code in both Xephyr and Xwayland using the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX...

7.8 CVSS

6.7 AI Score

0.0004 EPSS

2024-01-21 11:28 AM
9
osv

word-wrap vulnerable to Regular Expression Denial of Service

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result...

7.5 CVSS

6.4 AI Score

0.001 EPSS

2023-06-22 06:30 AM
173
osv

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

Impact There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. References CVE-2024-35255 Patches https://github.com/traefik/traefik/releases/tag/v2.11.5 https://github.com/traefik/traefik/releases/tag/v3.0.3 Workarounds No...

5.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-20 04:20 PM
1
veracode

Denial Of Service (DoS)

rexml is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper parsing of XML with many < characters in an attribute value, which allows an attacker to cause Denial of...

5.3 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-21 07:21 AM
5
cvelist

CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)

Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the....

3.8 CVSS

4.8 AI Score

0.0004 EPSS

2024-03-05 05:23 AM
github

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,....

8.8 CVSS

6 AI Score

0.038 EPSS

2021-03-29 08:57 PM
28
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

pkexec-exploit Local Privilege Escalation in polkit's pkexec...

8.2 AI Score

2022-01-30 10:34 AM
251
osv

[Out of Bounds Read in BNEP_ConnectResp Function in bnep_api.cc in Bluetooth]

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for...

6.5 CVSS

6.2 AI Score

0.0004 EPSS

2022-12-01 12:00 AM
1
osv

Reading contacts of other users using emergency contact settings

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

3.3 CVSS

6.9 AI Score

0.0004 EPSS

2023-02-01 12:00 AM
3
osv

Bypass of device carrier restrictions (OS Version = android 12)

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS

7.1 AI Score

0.0004 EPSS

2022-12-01 12:00 AM
4
Total number of security vulnerabilities: 2372173