π¨ CVE-2023-49986
A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
π@cveNotify
A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
π@cveNotify
GitHub
GitHub - geraldoalcantara/CVE-2023-49986: School Fees Management System v1.0 - Cross-Site Scripting (XSS) Vulnerability in "name"β¦
School Fees Management System v1.0 - Cross-Site Scripting (XSS) Vulnerability in "name" parameter on "add_new_parent" - geraldoalcantara/CVE-2023-49986
π¨ CVE-2022-46091
Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.
π@cveNotify
Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.
π@cveNotify
GitHub
CVE-2022-46091/CVE-34 at main Β· ASR511-OO7/CVE-2022-46091
Contribute to ASR511-OO7/CVE-2022-46091 development by creating an account on GitHub.
π¨ CVE-2023-7246
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks
π@cveNotify
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks
π@cveNotify
WPScan
System Dashboard < 2.8.10 - XSS via Header Injection
See details on System Dashboard < 2.8.10 - XSS via Header Injection CVE 2023-7246. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-49982
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts.
π@cveNotify
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts.
π@cveNotify
GitHub
GitHub - geraldoalcantara/CVE-2023-49982: School Fees Management System v1.0 - Incorrect Access Control - Privilege Escalation
School Fees Management System v1.0 - Incorrect Access Control - Privilege Escalation - geraldoalcantara/CVE-2023-49982
π¨ CVE-2024-34252
wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c.
π@cveNotify
wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c.
π@cveNotify
GitHub
[Security] Global Buffer Overflow on "PreserveRegisterIfOccupied" Function Β· Issue #483 Β· wasm3/wasm3
Environment OS : Linux 5.15.146.1-microsoft-standard-WSL2 #1 SMP Thu Jan 11 04:09:03 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux Commit : 139076a98b8321b67f850a844f558b5e91b5ac83 Version : 0.5.0 Clang ...
π¨ CVE-2024-37018
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
π@cveNotify
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
π@cveNotify
π¨ CVE-2024-33894
Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.
π@cveNotify
Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.
π@cveNotify
π¨ CVE-2024-2937
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
π@cveNotify
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
π@cveNotify
Arm
Arm Product Security Center
Arm is committed to upholding the highest standards of security across its products and the wider Arm ecosystem. To support its partners and the broader community, Arm publishes three types of security-related documentation, Security Bulletins, Security Updatesβ¦
π¨ CVE-2024-4607
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
π@cveNotify
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
π@cveNotify
Arm
Arm Product Security Center
Arm is committed to upholding the highest standards of security across its products and the wider Arm ecosystem. To support its partners and the broader community, Arm publishes three types of security-related documentation, Security Bulletins, Security Updatesβ¦
π¨ CVE-2023-31355
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
π@cveNotify
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
π@cveNotify
π¨ CVE-2024-21978
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
π@cveNotify
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
π@cveNotify
π¨ CVE-2024-21980
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
π@cveNotify
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
π@cveNotify
π¨ CVE-2024-40530
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to execute arbitrary code via modification of the X-Forwarded-For header component.
π@cveNotify
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to execute arbitrary code via modification of the X-Forwarded-For header component.
π@cveNotify
π¨ CVE-2017-7961
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.
π@cveNotify
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.
π@cveNotify
π¨ CVE-2017-7963
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.
π@cveNotify
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.
π@cveNotify
π¨ CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.
π@cveNotify
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.
π@cveNotify
π¨ CVE-2017-8459
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results
π@cveNotify
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results
π@cveNotify
HackerOne
Brave Software disclosed on HackerOne: Status Bar Obfuscation
## Summary:
In this issue, Brave's Status Bar will show the link where the user will be redirected but after he clicks the link, he redirected to other website.
## Products affected:
Latest...
In this issue, Brave's Status Bar will show the link where the user will be redirected but after he clicks the link, he redirected to other website.
## Products affected:
Latest...
π¨ CVE-2017-8804
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
π@cveNotify
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
π@cveNotify
π¨ CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.
π@cveNotify
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.
π@cveNotify
πBlog of Osanda
CMSMS 2.1.6 Multiple Vulnerabilities | πBlog of Osanda
One day I felt like reviewing the source code of some random CMS and I picked CMSMS. This is totally random and I did this to kill boredom. Remote Code Execution β CVE-2017-8912 In admin/editβ¦
π¨ CVE-2017-8769
Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted
π@cveNotify
Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted
π@cveNotify
π¨ CVE-2017-9230
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability
π@cveNotify
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability
π@cveNotify