JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Mattermost denial of service through long emoji value

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

CVE-2023-28432...

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....

Moodle CSRF risks due to misuse of confirm_sesskey

Incorrect CSRF token checks resulted in multiple CSRF...

Exploit for Improper Control of Interaction Frequency in Asus Gt-Axe11000 Firmware

easy-exploits The current repository contains exploits of...

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS)...

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

Denial of Service in Spring Framework

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller....

Duplicate Advisory: Denial of Service in JSON-Java

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. Original Description Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest...

Easy Table of Contents < 2.0.66 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed PoC You should create new post with two more heading. Go to the settings of the plugin...

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 This Repo contain the pcakages and...

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 This Repo contain the pcakages and...

vyper performs double eval of raw_args in create_from_blueprint

Summary Using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. A contract search was performed and no vulnerable contracts were found in production. In particular, the raw_args variant of create_from_blueprint...

Exploit for Insecure Default Initialization of Resource in Apache Superset

CVE-2023-27524: Apache Superset Auth Bypass Script to check...

CVE-2024-28833 Missing brute-force protection for two factor authentication

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor...

air-insignes.fr Cross Site Scripting vulnerability OBB-3861029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

[The use of BD_ADDR in BR/EDR as the identity address of BLE makes the dual-stack trackable]

In bta_dm_remove_device of bta_dm_act.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in WT_VoiceGain in eas_wtengine.c]

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...

Local persistent denial of service when setting PackageManager.GET_SIGNATURES

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

MsQuic Remote Denial of Service Vulnerability

Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr

Apache-Solr-RCE_CVE-2023-50386_POC Apache Solr Backup/Restore...

Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more...

MsQuic Remote Denial of Service Vulnerability

Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....

Use Of A Key Past Its Expiration Date

moodle/moodle is vulnerable to Use of a Key Past its Expiration Date. The vulnerability is caused due to improper key generation, as the same key is used interchangeably for a user's QR login key and their auto-login key. This allows an attacker to exploit the same key used interchangeably for a...

Guava vulnerable to insecure use of temporary directory

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check Chequea si...

Exploit for Use After Free in Microsoft

PoC for CVE-2023-36802 Exploit targeting MSKSSRV.SYS driver....

CVE-2023-25820

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...

Allaire/Macromedia JRun Sample Files (HTTP) - Active Check

This host is running the Allaire JRun web server and has sample files...

Index-out-of-bounds in LibRaw::kodak_radc_load_raw

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52139 Crash type: Index-out-of-bounds Crash state: LibRaw::kodak_radc_load_raw LibRaw::unpack...

Use-of-uninitialized-value in QUICVariableInt::size

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69001 Crash type: Use-of-uninitialized-value Crash state: QUICVariableInt::size Http3SettingsFrame::Http3SettingsFrame...

CVE-2024-28833 Missing brute-force protection for two factor authentication

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor...

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196,....

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....

vyper performs double eval of raw_args in create_from_blueprint

Summary Using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. A contract search was performed and no vulnerable contracts were found in production. In particular, the raw_args variant of create_from_blueprint...

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists in due to the netresearch/jsonmapper dependency due to improper mappings of JSON arrays and objects onto scalar model properties which allows an attacker to send malformed JWT JSON in the LoginPacket...

U.S. Dept Of Defense: Reflected XSS via Moodle on ███ [CVE-2022-35653]

Hi Security Team I found an xss vulnerability on your website [CVE-2022-35653] Refrence : https://vulners.com/nuclei/NUCLEI:CVE-2022-35653 if you wanna test this : ``` id: CVE-2022-35653 info: name: Moodle LTI module Reflected - Cross-Site Scripting author: iamnoooob,pdresearch severity:...

Denial Of Service (DOS)

Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...

Exploit for Deserialization of Untrusted Data in Apache Activemq

Resumen Técnico del Ataque: CVE-2023-46604 El script explota...

Exploit for Deserialization of Untrusted Data in Apache Log4J

nse-log4shell Nmap NSE scripts to check against log4shell or...

VMware Carbon Black Cloud Endpoint Standard Installed (Windows)

VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote Windows...

Index-out-of-bounds in LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51965 Crash type: Index-out-of-bounds Crash state: LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab LibRaw::ahd_interpolate...

Anti-Malware Security and Brute-Force Firewall < 4.23.56 - Unauthenticated Remote Code Execution

Description The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.21.96 due to weak nonce generation combined with missing authorization. This makes it possible for unauthenticated attackers to brute...

Exploit for Deserialization of Untrusted Data in Vmware Spring Advanced Message Queuing Protocol

spring-amqp-deserialization A Proof of Concept of...

Index-out-of-bounds in LibRaw::apply_tiff

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55722 Crash type: Index-out-of-bounds Crash state: LibRaw::apply_tiff LibRaw::parse_jpeg...

Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

Denial of service of Minder Server from maliciously crafted GitHub attestations in...

Denial Of Service (DoS)

gvisor.dev/gvisor is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper checks for mounts marked as unmounted before propagating, which could lead to a panic. This allows an attacker running as root and with permission to mount volumes to kill the...

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 GoAnywhere MFT suffers from a...