unSafe.sh - Unsafe
(CVE-2023-4223) Chamilo LMS Document Ajax File Upload Functionality Remote Code Execution
Summary: Product: Chamilo; Vendor: Chamilo; Severity: High - Adversaries may exploit software vul...
2023-11-28 08:0:0 | Views: 8
Advisories on STAR Labs - starlabs.sg
php
chamilo
htaccess
learner
(CVE-2023-4224) Chamilo LMS Dropbox Ajax File Upload Functionality Remote Code Execution
Summary: Product: Chamilo; Vendor: Chamilo; Severity: High - Adversaries may exploit software vul...
2023-11-28 08:0:0 | Views: 15
Advisories on STAR Labs - starlabs.sg
php
chamilo
dropbox
htaccess
(CVE-2023-4225) Chamilo LMS Exercise Ajax File Upload Functionality Remote Code Execution
Summary: Product: Chamilo; Vendor: Chamilo; Severity: High - Adversaries may exploit software vul...
2023-11-28 08:0:0 | Views: 15
Advisories on STAR Labs - starlabs.sg
php
chamilo
htaccess
attacker
Exploitation of a kernel pool overflow from a restrictive chunk size (CVE-2021-31969)
Introduction: The prevalence of memory corruption bugs persists, posing a persistent challenge for ex...
2023-11-24 08:0:0 | Views: 3
Blogs on STAR Labs - starlabs.sg
b0
etwr
alin
overflow
memory
(CVE-2023-1713) Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: High; Affected Versions: Bitrix24 22.0.30...
2023-11-1 08:0:0 | Views: 18
Advisories on STAR Labs - starlabs.sg
htaccess
attacker
bitrix
sessid
php
(CVE-2023-1714) Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: High; Affected Versions: Bitrix24 22.0.3...
2023-11-1 08:0:0 | Views: 12
Advisories on STAR Labs - starlabs.sg
bitrix
php
sessid
attacker
(CVE-2023-1715 & CVE-2023-1716) Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: Critical; Affected Versions: Bitrix24 22...
2023-11-1 08:0:0 | Views: 16
Advisories on STAR Labs - starlabs.sg
invoice
recur
bitrix
sanitizer
sessid
(CVE-2023-1717) Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: Critical; Affected Versions: Bitrix24 22...
2023-11-1 08:0:0 | Views: 6
Advisories on STAR Labs - starlabs.sg
bx
bitrix
bitrix24
presetdata
attacker
(CVE-2023-1718) Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: High; Affected Versions: Bitrix24 22.0.3...
2023-11-1 08:0:0 | Views: 12
Advisories on STAR Labs - starlabs.sg
php
bxu
bitrix24
cid
blah
(CVE-2023-1719) Bitrix24 Insecure Global Variable Extraction
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: High; Affected Versions: Bitrix24 22.0.3...
2023-11-1 08:0:0 | Views: 24
Advisories on STAR Labs - starlabs.sg
php
bitrix
globals
toglobals
(CVE-2023-1720) Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: High; Affected Versions: Bitrix24 22.0.3...
2023-11-1 08:0:0 | Views: 14
Advisories on STAR Labs - starlabs.sg
bitrix24
bxu
cid
php
emailed
(CVE-2023-4197) Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE
Summary: Product: Dolibarr ERP CRM; Vendor: Dolibarr; Severity: High; Affected Versions: <= 18.0...
2023-10-11 08:0:0 | Views: 11
Advisories on STAR Labs - starlabs.sg
php
dolibarr
webpage
erp
newstr
(CVE-2023-4198) Dolibarr ERP CRM (<= 17.0.3) Improper Access Control
Summary: Product: Dolibarr ERP CRM; Vendor: Dolibarr; Severity: High; Affected Versions: <= 17.0...
2023-10-11 08:0:0 | Views: 7
Advisories on STAR Labs - starlabs.sg
dolibarr
erp
php
username
Analysis of NodeBB Account Takeover Vulnerability (CVE-2022-46164)
Back in January 2023, I tasked one of our web security interns, River Koh (@oceankex), to perform n-...
2023-9-29 08:0:0 | Views: 6
Blogs on STAR Labs - starlabs.sg
sio
nodebb
targeturl
emit
4567
(CVE-2023-30591) NodeBB Pre-Authentication Denial-of-Service
Summary: Product: NodeBB; Vendor: NodeBB; Severity: High - Unprivileged attackers are able to ca...
2023-9-29 08:0:0 | Views: 12
Advisories on STAR Labs - starlabs.sg
eventname
nodebb
payload
startswith
loader
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023-29357 & CVE-2023-24955)
Brief: I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 20...
2023-9-25 08:0:0 | Views: 27
Blogs on STAR Labs - starlabs.sg
httpcontext
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248)
During my internship, I have been researching and trying to find bugs within the nftables subsystem....
2023-9-25 08:0:0 | Views: 18
Blogs on STAR Labs - starlabs.sg
nftnl
nlmsg
nf
1411
mnl
(CVE-2023-2315) Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2
Summary: Product: OpenCart; Vendor: OpenCart; Severity: High - Adversaries may exploit software...
2023-9-18 08:0:0 | Views: 12
Advisories on STAR Labs - starlabs.sg
opencart
php
username
emptied
developers
(CVE-2023-32523) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE
Summary: Product: Trend Micro Mobile Security (Enterprise) 9.8 SP5; Vendor: Trend Micro; Severi...
2023-8-22 08:0:0 | Views: 19
Advisories on STAR Labs - starlabs.sg
php
widget
security
username
mydebug
(CVE-2023-32524) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE
Summary: Product: Trend Micro Mobile Security (Enterprise) 9.8 SP5; Vendor: Trend Micro; Severi...
2023-8-22 08:0:0 | Views: 48
Advisories on STAR Labs - starlabs.sg
php
security
username
mydebug