In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. UmVfX1BvaW50/CVE-2024-...
学分制系统GetCalendarContentById存在SQL注入漏洞 云匣子系统接口ssoToolReport存在远程代码执行漏洞 泛微E-Cology-KtreeUploadAction任意文件上传漏洞 极限OA接口video_file.php存在任意文件读取漏洞 锐捷上网行为管理系统static_convert.php存在远程命令执行漏洞 佑友防火墙后台接口download存在任意文件读取漏洞 佑友防火墙后台接...