Thampakon

2 exploits Active since Feb 2019

CVE-2023-35674 NOMISEC HIGH WRITEUP

Android - Local Privilege Escalation via WindowState Logic Error

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS 7.8

View Code

CVE-2019-8331 NOMISEC MEDIUM WRITEUP

Bootstrap < 3.4.1 and 4.3.x < 4.3.1 - Cross-Site Scripting via Tooltip or Popover Data-Template Attribute

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

CVSS 6.1

View Code