32 matches found
CVE-2026-9108
Studio 5000 Logix Designer is affected by a path traversal vulnerability in which ACD project files may contain unvalidated file names. During project opening, paths can escape the intended extraction directory, potentially allowing an attacker to write arbitrary files to attacker-controlled loca...
CVE-2018-9108
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges...
PT-2025-34889 · Cisco · Cisco Nx-Os +5
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software for Cisco Nexus 3000 Series Switches Cisco Nexus 9000 Series Switches in standalone NX-OS mode Cisco UCS 6400 Fabric Interconnects Cisco UCS 6500 Series Fabric Interconnects Cisco UCS 9108 100G Fabric Interconnects affect...
Linux Distros Unpatched Vulnerability : CVE-2017-9108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r,...
CVE-2024-9108 Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convertremoteimagetolocal' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2024-9108 Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convertremoteimagetolocal' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Arbitrary File Upload
Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9108 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 7303314c8667 Credits István Márton Required privilege...
SUSE: Security Advisory (SUSE-SU-2020:14399-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1612-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-2HWX-MJRM-V3G8 Denial of service attack via .well-known lookups
Impact A malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which...
CVE-2020-9108
creationtimestamp| type| source ---|---|--- 2020-10-12 18:37:40+00:00| seen| https://t.me/cibsecurity/15206...
CVE-2020-9108
The CVE-2020-9108 issue affects Huawei P30 Pro devices running versions prior to 10.1.0.160 (C00E160R2P8). The vulnerability is an out-of-bounds read/write caused by insufficient validation of a crafted message parameter, which an unauthenticated attacker can send to affected products, potentiall...
Fedora 31 : adns (2020-e59bcaf702)
New upstream release - Important security fixes: CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109: Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution. CVE-2017-9106: Vulnerable applications: those that make SOA...
CVE-2017-9108
creationtimestamp| type| source ---|---|--- 2020-06-18 18:55:08+00:00| seen| https://t.me/cibsecurity/12846...
CVE-2017-9108
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read would have done. Without this fix, adnshost may read...
CVE-2017-9108
CVE-2017-9108 affects adns prior to 1.5.2. The issue arises in adnshost due to mishandling a missing final newline on a stdin read, which can cause reading one byte beyond the buffer and may crash or leak that byte. Publicly reported in multiple advisories and Nessus/OpenVAS entries, with fixes d...
SUSE SLES12 Security Update : adns (SUSE-SU-2020:1612-1)
This update for adns fixes the following issues : CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution bsc1172265. CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to deni...
openSUSE: Security Advisory for adns (openSUSE-SU-2020:0827-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0827-1 Security update for adns
This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution bsc1172265. - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to...
CVE-2019-9108
CVE-2019-9108 describes a cross-site scripting vulnerability in WUZHI CMS 4.1.0, exploitable via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] that leads to script injection through the x and y parameters to coreframe/app/core/map.php. All connected sources consistently identify a generic XSS...