π¨ CVE-2024-42546
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
π@cveNotify
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
π@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3100R/loginauth_password.md at main Β· noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
π¨ CVE-2024-42547
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
π@cveNotify
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
π@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3100R/loginauth.md at main Β· noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
π¨ CVE-2024-6768
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
π@cveNotify
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
π@cveNotify
A Dive into Earth Bakuβs Latest Campaign | Trend Micro (US)
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html
π@malwr
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html
π@malwr
Trend Micro
A Dive into Earth Bakuβs Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initialβ¦
π¨ CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
π@cveNotify
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
π@cveNotify
π¨ CVE-2024-28216
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
π@cveNotify
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
π@cveNotify
π¨ CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
π@cveNotify
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
π@cveNotify
Splunk Vulnerability Disclosure
Risky command safeguards bypass in Dashboard Examples Hub
In Splunk Enterprise versions below 9.2.1, 9.1.4 and 9.0.9, and Splunk Cloud Platform versions below 9.1.2312.104 and 9.1.2308.205, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands, which could allow anβ¦
π¨ CVE-2023-5971
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
Save as PDF < 3.2.0 - Admin+ Stored XSS
See details on Save as PDF < 3.2.0 - Admin+ Stored XSS CVE 2023-5971. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-41884
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
π@cveNotify
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
π@cveNotify
GitHub
Only allow Events Columns for sort. Fixes GHSA-2qp3-fwpv-mc96. Fixes β¦ Β· ZoneMinder/zoneminder@677f6a3
β¦GHSA-9cmr-7437-v9fj
π¨ CVE-2023-48171
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
π@cveNotify
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
π@cveNotify
π¨ CVE-2024-21767
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
π@cveNotify
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
π@cveNotify
π¨ CVE-2024-22182
A remote, unauthenticated attacker may be able to send crafted messages
to the web server of the Commend WS203VICM causing the system to
restart, interrupting service.
π@cveNotify
A remote, unauthenticated attacker may be able to send crafted messages
to the web server of the Commend WS203VICM causing the system to
restart, interrupting service.
π@cveNotify
π¨ CVE-2023-35764
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
π@cveNotify
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
π@cveNotify
jvn.jp
JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"
Japan Vulnerability Notes
π¨ CVE-2024-29167
SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
jvn.jp
JVNVU#93932313: SEEnergy SVR-116 vulnerable to OS command injection
Japan Vulnerability Notes
π¨ CVE-2023-7066
The affected applications contain an out of bounds read past the end of
an allocated structure while parsing specially crafted PDF files. This
could allow an attacker to execute code in the context of the current
process.
π@cveNotify
The affected applications contain an out of bounds read past the end of
an allocated structure while parsing specially crafted PDF files. This
could allow an attacker to execute code in the context of the current
process.
π@cveNotify
π¨ CVE-2024-43151
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder β Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder β Lite: from n/a through 1.5.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder β Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder β Lite: from n/a through 1.5.9.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Ultimate Addons for Beaver Builder β Lite Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43152
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
π@cveNotify
Patchstack
undefined in undefined undefined undefined
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43155
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Post Grid and Gutenberg Blocks Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43156
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Post Grid Master Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43161
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Depicter Slider Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π1
π¨ CVE-2024-35775
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Slider by Soliloquy Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.