A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerror=prompt(1)> leads to basic cross site scripting (Reflected). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Category Archives: Advisories
CVE-2017-20141
A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20142
A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20143
A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2020-14114
information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
CVE-2020-14126
Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
Posted by Apple Product Security via Fulldisclosure on Jul 21
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213345.
APFS
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)…
APPLE-SA-2022-07-20-7 Safari 15.6
Posted by Apple Product Security via Fulldisclosure on Jul 21
Safari 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213341.
Safari Extensions
Available for: macOS Big Sur and macOS Catalina
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: The issue was addressed with improved UI handling.
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National
University
WebKit
Available for: macOS Big…
APPLE-SA-2022-07-20-6 watchOS 8.7
Posted by Apple Product Security via Fulldisclosure on Jul 21
APPLE-SA-2022-07-20-6 watchOS 8.7
watchOS 8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213340.
APFS
Available for: Apple Watch Series 3 and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available…
APPLE-SA-2022-07-20-5 tvOS 15.6
Posted by Apple Product Security via Fulldisclosure on Jul 21
APPLE-SA-2022-07-20-5 tvOS 15.6
tvOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213342.
APFS
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir…