Read Time:7 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
Daily Archives: August 24, 2023
ZDI-23-1216: (0Day) LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability
Read Time:9 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-23-1217: (0Day) LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
ZDI-23-1218: (0Day) LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Read Time:11 Second
This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-23-1219: (0Day) LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability
Read Time:8 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability.
ZDI-23-1220: (0Day) LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability
Read Time:8 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability.
DSA-5482 tryton-server – security update
Read Time:8 Second
“Edbo” and Cedric Krier discovered that the Tryton application server
does enforce record rules when only reading fields without an SQL type
(like Function fields).