Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700 Security Vulnerabilities

CVE-2024-28093

The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level...

Exploit for CVE-2024-20767

Proof of Concept script for CVE-2024-20767 Overview...

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer...

e-lir.ch Cross Site Scripting vulnerability OBB-3886900

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-28093

The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level...

CVE-2024-26645

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

Nagios XI 2024R1.01 SQL Injection

...

CVE-2023-52622

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following...

Linksys E2000 Router <= 1.0.06 Build 1 Authentication Bypass Vulnerability

Linksys E2000 routers are prone to an authentication bypass ...

Craft CMS 4.4.14 Remote Code Execution

...

Insurance Management System PHP And MySQL 1.0 Cross Site Scripting

...

e-image.cz Cross Site Scripting vulnerability OBB-3885325

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks

All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an...

CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

CrushFTP Unauthenticated RCE

This exploit module leverages an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by...

e-tipa.org Cross Site Scripting vulnerability OBB-3884844

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Bugs ...

Fedora: Security Advisory for amavis (FEDORA-2024-1d87055861)

The remote host is missing an update for...

CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS

...

Nagios XI Version 2024R1.01 - SQL Injection

...

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

...

Fedora: Security Advisory for amavis (FEDORA-2024-8bbcae6af2)

The remote host is missing an update for...

Fedora: Security Advisory for amavis (FEDORA-2024-3cf9eb64ba)

The remote host is missing an update for...

[slackware-security] emacs

New emacs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/emacs-29.3-i586-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in...

Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability

A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an...

e-hong.com.tw Cross Site Scripting vulnerability OBB-3884608

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

e-auto.cz Cross Site Scripting vulnerability OBB-3884512

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

[SECURITY] Fedora 39 Update: amavis-2.13.1-1.fc39

amavis is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using...

[SECURITY] Fedora 38 Update: amavis-2.13.1-1.fc38

amavis is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using...

[SECURITY] Fedora 40 Update: amavis-2.13.1-1.fc40

amavis is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...

Exploit for CVE-2024-30896

CVE-2024-30896 Summary A business logic flaw in influxdb...

Exploit for CVE-2024-30896

CVE-2024-30896 Summary A business logic flaw in influxdb...

Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....

Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report...

Reflectionless Templates With Spring

A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native...

minaliC 2.0.0 - Denied of Service

...

CVE-2024-2754

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit...

CVE-2024-2754

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit...

CVE-2024-2754 SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit...

e-image.cz Cross Site Scripting vulnerability OBB-3882547

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Mozilla Firefox ESR and Thunderbird Denial of Service Vulnerabilities

Mozilla Firefox ESR is an extended support version of Firefox (the Web browser).Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application Suite. A denial of service vulnerability exists in Mozilla Firefox ESR and Thunderbird, which is caused by an ICU...

OpenNMS Horizon 31.0.7 Remote Command Execution

...

Exploit for Use After Free in Linux Linux Kernel

CVE-2024-1086 Universal local privilege escalation...

CVE-2024-29036

Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should....

CVE-2024-29036

Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should....