CVE-2019-11098
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. Devamını Oku
Devamını oku
CVE-2020-0417
In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-154319182 Devamını Oku
CVE-2020-20231
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Devamını Oku
CVE-2020-0417 (android)
In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-154319182 Devamını Oku
CVE-2021-0144
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. Devamını Oku
CVE-2020-25444
Cross Site Scripting (XSS) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourselfâ€� section under the “My Profileâ€� page, " (2) “Hotel Policyâ€� field under the “Hotel Detailsâ€� page, (3) “Pricing codeâ€� and “nameâ€� fields under the “Manage Tourâ€� page, and (4) all the labels under the “Menuâ€�…
CVE-2020-25445
The “Subscribeâ€� feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed. Devamını Oku
CVE-2020-27379
Cross Site Request Forgery (CSRF) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password. The new…
CVE-2020-25445 (booking_core)
The “Subscribeâ€� feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed. Devamını Oku
CVE-2020-27379 (booking_core)
Cross Site Request Forgery (CSRF) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password. The new…
CVE-2020-18144
SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php. Devamını Oku
CVE-2020-29146
A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header. Devamını Oku