ValBrux ( ͡° ͜ʖ ͡°)

Category

CVEs

CVE-2019-6588 – Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS

Introduction In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the “url” parameter of the JSP taglib call <liferay-ui:captcha url=”<%= url %>” /> or <liferay-captcha:captcha url=”<%= url… Continue Reading →

CVE-2018-13042 – 1Password Android < 7.0 - Denial of Service

Introduction The 1Password application < 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance. Poc… Continue Reading →

© 2019 Valbrux — Powered by WordPress