S12700, S1700,s3700,s5700,s6700,s7700, S9700, Ecns210 Td Security Vulnerabilities

Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read

...

Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read

...

Adobe ColdFusion v 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read Exploit

...

Enrollment System v1.0 - SQL Injection Exploit

...

Enrollment System 1.0 SQL Injection

...

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure Vulnerability

...

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

...

Enrollment System v1.0 - SQL Injection

...

CVE-2021-47009

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....

CVE-2021-47009

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....

CVE-2021-47009

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang...

CVE-2021-47009

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....

CVE-2021-47009 KEYS: trusted: Fix memory leak on object td

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....

CVE-2021-47009 KEYS: trusted: Fix memory leak on object td

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....

CVE-2021-47009

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...

Information disclosure

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...

ITFlow Cross Site Request Forgery

...

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...

Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload Vulnerabilities

...

How are attackers using QR codes in phishing emails and lure documents?

Though QR codes were once on the verge of extinction, many consumers are used to seeing them in the wild for ordering at restaurants, or as mainstays on storefront doors informing customers how they can sign up for a newsletter or score a sweet deal. The use of QR codes saw a resurgence during the....

Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload

...

phpMyFAQ vulnerable to stored XSS on attachments filename

Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side (XSS) Details On that snippet code of rendering the file attachments from user tables ``` <tr> ...

phpMyFAQ vulnerable to stored XSS on attachments filename

Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side (XSS) Details On that snippet code of rendering the file attachments from user tables ``` <tr> ...

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

...

pyload - Log Injection

A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by...

Exploit for CVE-2023-45777

Mysterious patch Let's start this time with the patch that...

pyload Unauthenticated Flask Configuration Leakage vulnerability

Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...

pyload Unauthenticated Flask Configuration Leakage vulnerability

Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...

Explained: SMTP smuggling

SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what.....

Craft CMS 4.4.14 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through...

Craft CMS 4.4.14 Remote Code Execution

...

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...

Craft CMS unauthenticated Remote Code Execution (RCE)

This module exploits Remote Code Execution vulnerability (CVE-2023-41892) in Craft CMS which is a popular content management system. Craft CMS versions between 4.0.0-RC1 - 4.4.14 are affected by this vulnerability allowing attackers to execute arbitrary code remotely, potentially compromising the.....

ownCloud Phpinfo Reader Exploit

Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker.....

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

...

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vulnerability

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup...

ownCloud Phpinfo Reader

Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker.....

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

Title: R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Advisory ID: ZSL-2023-5802 Type: Local/Remote Impact: Exposure of Sensitive Information, Security Bypass Risk: (5/5) Release Date: 03.12.2023 Summary R Radio FM Transmitter that includes FM Exciter and FM Amplifier...

WBCE CMS 1.6.1 Shell Upload Vulnerability

...

WBCE CMS 1.6.1 Shell Upload

...

Akira Ransomware

Akira Ransomware By Max Kersten · November 29, 2023 This blog was also written by Alexandre Mundo First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to...

Akira Ransomware

Akira Ransomware By Alexandre Mundo, Max Kersten · November 29, 2023 First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to investigate the malware’s inner...

ownCloud Information Disclosure Vulnerability (Nov 2023) - Active Check

ownCloud is prone to an information disclosure...

CVE-2023-39166

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...

CVE-2023-39166

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...

CVE-2023-39166 WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...