ZDI-23-1208: (0Day) LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1209: (0Day) LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1210: (0Day) LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1211: (0Day) LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1212: (0Day) LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1213: (0Day) LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1214: (0Day) LG Simple Editor getServerSetting Authentication Bypass Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1215: (0Day) LG Simple Editor checkServer Authentication Bypass Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-1216: (0Day) LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability

August 24, 2023

Read Time:9 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Advisories

ZDI-23-1217: (0Day) LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability

August 24, 2023

Read Time:7 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

Cyber Security News

Monthly Archives: August 2023

ZDI-23-1208: (0Day) LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability

ZDI-23-1209: (0Day) LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability

ZDI-23-1210: (0Day) LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

ZDI-23-1211: (0Day) LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

ZDI-23-1212: (0Day) LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability

ZDI-23-1213: (0Day) LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability

ZDI-23-1214: (0Day) LG Simple Editor getServerSetting Authentication Bypass Vulnerability

ZDI-23-1215: (0Day) LG Simple Editor checkServer Authentication Bypass Vulnerability

ZDI-23-1216: (0Day) LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability

ZDI-23-1217: (0Day) LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability

News, Advisories and much more