CVE-2021-41849
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.
@cveNotify
CVE-2021-34338
Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
@cveNotify
GitHub
Segmentation fault in function getName, decompile.c:457 · Issue #201 · libming/libming
Hi, there. There is a segmentation fault in the newest master branch 04aee52. Here is the reproducing command: swftophp poc POC: seg-decompile457.zip Here is the reproduce trace reported by ASAN: =...
CVE-2021-34339
Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
@cveNotify
GitHub
Segmentation fault in function getString, decompile.c:380 · Issue #202 · libming/libming
Hi, there. There is a segmentation fault in the newest master branch 04aee52. Here is the reproducing command: swftophp poc POC: seg-decompile380.zip Here is the reproduce trace reported by ASAN: =...
CVE-2021-34340
Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
@cveNotify
CVE-2021-34341
Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service.
@cveNotify
GitHub
Buffer overflow in decompileIF, decompile.c:2516 · Issue #204 · libming/libming
Hi, there. There is a buffer overflow in the newest master branch 04aee52. Here is the reproducing command: swftophp poc POC: overflow-decompiler2516.zip Here is the reproduce trace reported by ASA...
CVE-2022-0880
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
@cveNotify
GitHub
file upload bug · star7th/showdoc@818d7fe
ShowDoc is a tool greatly applicable for an IT team to share documents online - file upload bug · star7th/showdoc@818d7fe
CVE-2021-44625
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to execute arbitrary code on the system via a crafted post request.
@cveNotify
GitHub
IoT_CVE/886N/deviceInfoRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
CVE-2021-44626
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
@cveNotify
GitHub
IoT_CVE/886N/getRegVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
CVE-2021-34342
Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.
@cveNotify
GitHub
Buffer overflow in newVar_N, decompile.c:751 · Issue #205 · libming/libming
Hi, there. There is a buffer overflow in the newest master branch 04aee52 which causes a huge memory information leakage. Here is the reproducing command: swftophp poc POC: overflow-decompiler751.z...
CVE-2021-44623
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
@cveNotify
GitHub
IoT_CVE/886N/chkResetVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
CVE-2021-44622
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remote malicious user execute arbitrary code via a crafted post request.
@cveNotify
GitHub
IoT_CVE/886N/chkRegVeriRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
CVE-2021-44630
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
@cveNotify
GitHub
IoT_CVE/886N/modifyAccPwdRegister at main · Yu3H0/IoT_CVE
My IoT CVEs. Contribute to Yu3H0/IoT_CVE development by creating an account on GitHub.
CVE-2022-0926
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
@cveNotify
GitHub
Update Files.php · microweber/microweber@89200cf
Drag and Drop Website Builder and CMS with E-commerce - Update Files.php · microweber/microweber@89200cf
CVE-2022-0929
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
@cveNotify
GitHub
Update build-and-upload.yml · microweber/microweber@de6d17b
Drag and Drop Website Builder and CMS with E-commerce - Update build-and-upload.yml · microweber/microweber@de6d17b
CVE-2022-0930
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
@cveNotify
GitHub
make plupload only allowed files · microweber/microweber@33eb4cc
Drag and Drop Website Builder and CMS with E-commerce - make plupload only allowed files · microweber/microweber@33eb4cc
CVE-2021-27653
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
@cveNotify
Pega
Collaboration Center
Pega continually works to implement security controls designed to protect client environments. As part of that effort, Pega has issued a CVE regarding the possibility of misconfiguring Pega Chat and Pega Intelligent Virtual Assistant (IVA) in a way that…