Yayoi Co., Ltd. Security Vulnerabilities

cve

CVE-2023-43295

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted...

3.5CVSS

5AI Score

0.0004EPSS

2023-10-31 09:15 PM
18
nvd

CVE-2023-43295

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted...

3.5CVSS

4.7AI Score

0.0004EPSS

2023-10-31 09:15 PM
1
fedora

[SECURITY] Fedora 39 Update: grafana-pcp-5.1.1-4.fc39

This Grafana plugin for Performance Co-Pilot includes data sources for scalable time series from pmseries(1) and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace(1), as well as several...

7.3AI Score

2023-11-03 06:53 PM
11
cnvd

Binary Vulnerability in R230 of Xinhua San Technologies Ltd.

The H3C R230 is a home wireless router. A binary vulnerability exists in the H3C-R230 of Xinhua San Technologies Limited, which can be exploited by attackers to trigger a stack...

7AI Score

2023-07-12 12:00 AM
6
nvd

CVE-2017-9597

The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...

5.9CVSS

5.2AI Score

0.001EPSS

2017-06-16 12:29 PM
1
cnvd

Arbitrary File Deletion Vulnerability in Intelligent Mobile Surveillance System of Zhejiang Zhongcheng Technology Co.

Zhejiang Zhongcheng Technology Co., Ltd. is a total solution provider of intelligent manufacturing for the process industry. An arbitrary file deletion vulnerability exists in the Intelligent Mobile Monitoring System of Zhejiang Zhongcheng Technology Co. Ltd, which can be exploited by...

7.3AI Score

2023-07-12 12:00 AM
5
cvelist

CVE-2022-47442 WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a through...

8.9AI Score

0.001EPSS

2023-11-07 03:09 PM
2
cnvd

Unauthorized Access Vulnerability in MOXA E1242 Ethernet IO Server

Mosa Technologies (Shanghai) Co., Ltd. is a company mainly engaged in professional and technical services. An unauthorized access vulnerability exists in MOXA E1242 Ethernet IO Server, which can be exploited by attackers to obtain sensitive...

6.8AI Score

2023-07-29 12:00 AM
7
cve

CVE-2023-42655

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-11-01 10:15 AM
15
mmpc

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1...

7.1AI Score

2023-11-21 05:00 PM
7
mssecure

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1...

7.2AI Score

2023-11-21 05:00 PM
10
cve

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-11-01 10:15 AM
16
cve

CVE-2017-15328

Huawei HG8245H versions earlier than V300R018C00SPC110 have an authentication bypass vulnerability. An attacker can access a specific URL of the affected product. Due to improper verification of the privilege, successful exploitation may cause information...

7.5CVSS

7.5AI Score

0.002EPSS

2017-12-22 05:29 PM
76
cve

CVE-2017-8176

Huawei IPTV STB versions earlier than IPTV STB V100R003C01LMYTa6SPC001 have an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view...

7.5CVSS

7.6AI Score

0.002EPSS

2018-03-20 03:29 PM
37
trellix

Scanning Danger: Unmasking the Threats of Quishing

By Shyava Tripathi, Raghav Kapoor and Rohan Shah · December 07, 2023. Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 percent of data breaches, making it a significant avenue for the theft of sensitive credentials and...

7.4AI Score

2023-12-07 12:00 AM
5
fedora

[SECURITY] Fedora 39 Update: mvfst-2023.10.16.00-1.fc39

mvfst (Pronounced move fast) is a client and server implementation of IETF QUIC protocol in C++ by Facebook. QUIC is a UDP based reliable, multiplexed transport protocol that will become an internet standard. The goal of mvfst is to build a performant implementation of the QUIC transport...

7.5CVSS

8.5AI Score

0.732EPSS

2023-11-03 07:01 PM
8
trellix

Scanning Danger: Unmasking the Threats of Quishing

By Shyava Tripathi and Rohan Shah · December 7, 2023. This blog was also written by Raghav Kapoor. Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 percent of data breaches, making it a significant avenue for the theft...

7.4AI Score

2023-12-07 12:00 AM
5
cve

CVE-2023-29863

Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL...

9.8CVSS

9.7AI Score

0.002EPSS

2023-05-11 01:15 PM
26
nvd

CVE-2023-29863

Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL...

9.8CVSS

9.8AI Score

0.002EPSS

2023-05-11 01:15 PM
cve

CVE-2021-22853

The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to...

5.4CVSS

5.5AI Score

0.001EPSS

2021-02-17 02:15 PM
21
2
cnvd

Buffer Overflow Vulnerability in H3C B6 of Xinhua San Technologies Co.

H3C B6 Gigabit Dual Band Router is a newly designed Wi-Fi 6 home wireless intelligent router from Xinhua San Intelligent Terminal Co. A buffer overflow vulnerability exists in the H3C B6 of Xinhua San Technologies Limited, which can be exploited by an attacker to trigger a stack...

7.6AI Score

2023-07-12 12:00 AM
3
nvd

CVE-2012-3419

Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line...

5.8AI Score

0.006EPSS

2012-08-27 11:55 PM
1
cve

CVE-2021-44596

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service (the service is running under SYSTEM privileges) and manipulate it to execute malicious...

9.8CVSS

9.9AI Score

0.125EPSS

2022-04-29 12:15 PM
49
4
nvd

CVE-2021-44596

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service (the service is running under SYSTEM privileges) and manipulate it to execute malicious...

9.8CVSS

0.125EPSS

2022-04-29 12:15 PM
1
nvd

CVE-2012-3421

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming...

6.2AI Score

0.049EPSS

2012-08-27 11:55 PM
cve

CVE-2023-45746

Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series),.....

5.4CVSS

5.2AI Score

0.0005EPSS

2023-10-30 05:15 AM
15
nvd

CVE-2012-3420

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the...

6.3AI Score

0.094EPSS

2012-08-27 11:55 PM
5
cnvd

Anhui Green Persimmon Information Technology Co., Ltd LiveGBS has information leakage vulnerability

LiveGBS is a national standard (GB28181) streaming media service software that provides user management and Web visualization page management, with open source front-end page source code; it provides device status management, so you can view in real time whether the device is offline and...

6.8AI Score

2023-09-11 12:00 AM
7
krebs

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month...

8.8CVSS

7.7AI Score

0.005EPSS

2023-11-14 11:00 PM
53
github

mXSS in AntiSamy

Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a...

6.1CVSS

6AI Score

0.0004EPSS

2023-10-09 12:42 AM
18
cnvd

Anhui Green Persimmon Information Technology Co., Ltd. LiveQing has a logic flaw vulnerability

LiveQing Aoki video streaming service solution. Anhui Green Persimmon Information Technology Co., Ltd LiveQing has a logic flaw vulnerability that can be exploited by attackers to delete arbitrary...

7.2AI Score

2023-09-11 12:00 AM
4
thn

ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer

The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of...

6.8AI Score

2023-11-22 07:15 AM
27
github

Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Twig Default Filters Summary: | Product | Grav CMS | | ----------------------- |...

8.8CVSS

8.9AI Score

EPSS

2023-06-16 07:37 PM
13
cve

CVE-2023-42750

In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4CVSS

4.8AI Score

0.0004EPSS

2023-11-01 10:15 AM
21
cve

CVE-2023-42647

In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-11-01 10:15 AM
24
cve

CVE-2023-4393

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an...

6.1CVSS

6.2AI Score

0.0005EPSS

2023-10-30 12:15 AM
22
cve

CVE-2023-42634

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
11
cve

CVE-2023-42633

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
13
cve

CVE-2023-42653

In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution...

5.5CVSS

5.5AI Score

0.0004EPSS

2023-11-01 10:15 AM
16
cnvd

Command Execution Vulnerability in Reporter System of Fujian Strait Information Technology Co. Ltd (CNVD-2023-81306)

Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the Reporter system of Fujian Strait Information...

7.7AI Score

2023-09-18 12:00 AM
8
cve

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and...

4.3CVSS

4.6AI Score

0.0004EPSS

2023-10-20 07:15 AM
17
cve

CVE-2023-4948

The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and...

4.3CVSS

4.6AI Score

0.0004EPSS

2023-09-14 04:15 AM
14
cve

CVE-2023-42631

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
15
cve

CVE-2023-42632

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
19
cve

CVE-2023-42640

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
18
cve

CVE-2023-39341

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business...

3.3CVSS

4.2AI Score

0.0005EPSS

2023-08-09 03:15 AM
23
cve

CVE-2022-48460

In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges...

5.5CVSS

5.5AI Score

0.0004EPSS

2023-11-01 10:15 AM
8
cve

CVE-2023-42641

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
15
cve

CVE-2023-42644

In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
30
cve

CVE-2023-42654

In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-01 10:15 AM
27
Total number of security vulnerabilities: 15302