16 matches found
EUVD-2025-208690
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2025-11500 Credentials exposure in tinycontrol devices
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...
CVE-2025-15587 Credentials exposure in tinycontrol devices
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2025-15587
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
PT-2026-25662
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
Debian dla-4356 : ublock-origin-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4356 advisory. Debian LTS Advisory DLA-4356-1 [email protected] https://www.debian.org/lts/security/...
WordPress WP Force SSL & HTTPS SSL Redirect Plugin <= 1.66 is vulnerable to Broken Access Control
Software: WP Force SSL & HTTPS SSL Redirect; Type: Plugin; Vulnerable versions: <= 1.66; Fixed in: 1.67; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5770; Patch priority: Low; CVSS severity: Low 4.2; Developer: WebFactory Ltd.; PSID: 7f10441c7ef7; Credits: Foxyyy; Require...
WordPress plugin Galleries by Angie Makes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document...
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
PT-2019-14694 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.67 and earlier Description: A sandbox bypass issue related to the handling of default parameter expressions in closures allows attackers to execute arbitrary code in sandboxed scripts. Recommendations...
Important: php54
Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...
CVE-2009-4932
Stack-based buffer overflow in 1by1 1.67 aka 1.6.7.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long string in a .m3u playlist file...
Stack overflow
Stack-based buffer overflow in 1by1 1.67 aka 1.6.7.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long string in a .m3u playlist file...
CVE-2009-4932
Stack-based buffer overflow in 1by1 1.67 aka 1.6.7.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long string in a .m3u playlist file...
1by1 1.67 - '.m3u' Local Stack Overflow (PoC)
1by1 1.67 .M3U File Local Stack Overflow POC my $chars= "A" x 4104; my $file="goldm.m3u"; openmy $FILE, "$file" or die "Cannot open $file: $!"; print $FILE $chars; close$FILE; print "$file has been created \n"; print "Thanx Tryag.Com"; milw0rm.com 2009-04-20...