The Bank Of Tokyo-mitsubishi Ufj, Ltd. Security Vulnerabilities

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...

Azure Storage Movement Client Library Denial of Service Vulnerability

Azure Storage Movement Client Library Denial of Service...

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

CRI-O's pods can break out of resource confinement on cgroupv2

Impact What kind of vulnerability is it? Who is impacted? All versions of CRI-O running on cgroupv2 nodes. Unchecked access to an experimental annotation allows a container to be unconfined. Back in 2021, support was added to support an experimental annotation that allows a user to request...

APM Server vulnerable to Insertion of Sensitive Information into Log File

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this...

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863 ```bash # checkout webp git clone...

[Out of Bounds Write in BTM_BlePeriodicSyncTransfer in btm_ble_gap.cc in libbt-stack]

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Write in nci_snd_set_routing_cmd in nci_hmsgs.cc in libnfc-nci]

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for...

Delivery of new intents to protected activities via Activity#navigateUpTo() API

In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not...

[Out of Bounds Write in phNxpNciHal_write_unlocked Function in phNxpNciHal.cc in nfc_nci_nxp]

In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...

[Out of Bounds Write in read_attr_value Function in gatt_db.cc in Bluetooth]

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...

[Out of Bounds Write in BTM_BlePeriodicSyncSetInfo in btm_ble_gap.cc in libbt-stack]

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in pin_reply Function in bluetooth.cc in Bluetooth]

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for...

[oob write due to invaild length check in Mfc_Transceive() of libnfc_nci_jni.so]

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in extract3GPPGlobalDescriptions Function in TextDescriptions.cpp in libstagefright_timedtext]

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in updateAudioTrackInfoFromESDS_MPEG4Audio Function in MPEG4Extractor.cpp in libmp4extractor]

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

Exploit for Out-of-bounds Write in Polkit Project Polkit

██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗ ██╔══██...

[Crafted AVRCP cmd packet Causes Out-of-bounds Read in Bluetooth]

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for...

The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions

Description The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible....

Denial Of Service (DoS)

rexml is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper parsing of XML with many &lt;characters in an attribute value, which allows an attacker to cause Denial of...

Exploit for Exposure of Resource to Wrong Sphere in Microsoft

Blank Space Blank Space is a refactoring of James Forshaw's...

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱 **We demand...

Denial Of Service (DoS)

qemu is vulnerable to Denial of Service (DoS). A wrong exit condition within qemu may lead to an infinite loop in the 'inflate_buffer' function resulting in a denial of...

Denial Of Service (DoS)

libssh is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of proper validation and checking of return values in the abstract layer for message digest (MD) operations implemented by different supported crypto backends. This could lead to low-memory failures and potentially....

Out-of-bounds Write

X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused due to not allocating sufficient memory space for the devices's particular number of logical buttons. This can lead to a heap overflow if a bigger value is used. DeviceFocusEventand the XIQueryPointer reply of X.Org...

Exploit for Deserialization of Untrusted Data in Apache Log4J

...

LuckyWP Table of Contents <= 2.1.4 - Authenticated(Administrator+) Cross-Site Scripting

Description The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-5516 itsourcecode Online Blood Bank Management System massage.php sql injection

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely.....

CVE-2024-5516 itsourcecode Online Blood Bank Management System massage.php sql injection

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely.....

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Vulnerability Scanner for CVE-2024-24919 (need Shodan API)...

DotCMS - Arbitrary File Upload

DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server...

Parts of Report are dropped as the wrong type during downcast

In affected versions, after a Report is constructed using wrap_err or wrap_err_with to attach a message of type D onto an error of type E, then using downcast to recover ownership of either the value of type D or the value of type E, one of two things can go wrong: If downcasting to E, there...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit

...

Gitea allowed assignment of private issues in code.gitea.io/gitea

Gitea allowed assignment of private issues in...

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

Improper Restriction of Excessive Authentication Attempts in...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this....

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

Registering BroadcastReceiver as another app through IApplicationThread of isolated external service

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

Displaying photos of other users via a notification with RemoteViews.setIcon/4

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in avdt_scb_hdl_pkt_no_frag Function in avdt_scb_act.cc in Bluetooth]

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Write in bta_av_rc_disc_done Function in bta_av_act.cc in Bluetooth]

In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Regression] Uninstalling of packages by DPC does not work in T

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in process_service_search_rsp Function in sdp_discoverty.cc in Bluetooth]

In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Crafted HFP Client Packet Causes Out-of-bounds Write in Bluetooth]

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...