Lucene search
K

54 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.9 views

RHCOS 4 : Red Hat build of MicroShift 4.16.24 (RHSA-2024:10149)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10149 advisory. - runc: file descriptor leak CVE-2024-21626 Note that Nessus has not tested for this issue but has instead relied only on the application's...

8.6CVSS7AI score0.18087EPSS
Exploits18References5
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.4 views

CVE-2024-10149

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/05/17 12:19 a.m.6 views

WordPress Social Slider Feed plugin < 2.2.9 - Admin+ Stored XSS via Widgets vulnerability

Admin+ Stored XSS via Widgets vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Social Slider Feed versions 2.2.9...

4.8CVSS5.9AI score0.00266EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.12 views

CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.5 views

CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.27 views

CVE-2024-10149

The CVE-2024-10149 entry concerns the WordPress Social Slider Feed plugin prior to version 2.2.9. The root cause is that certain settings are not properly sanitized or escaped, enabling Stored XSS by high‑privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in m...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2020/06/03 2:27 a.m.108 views

Exploit for OS Command Injection in Exim

Exim CVE Data Collection Data Collection Related to Exim Vuln...

10CVSS10AI score0.99961EPSS
Exploits29
ThreatPost
ThreatPost
added 2020/05/29 4:34 p.m.487 views

NSA Warns of Sandworm Backdoor Attacks on Mail Servers

The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...

7.5CVSS0.9AI score0.99961EPSS
Exploits27References11
CISA
CISA
added 2020/05/28 12:0 a.m.99 views

NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability

The National Security Agency NSA has released a cybersecurity advisory on Russian advanced persistent threat APT group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent MTA software. An unauthenticated remote attacker can use this vulnerability to send a specially...

10CVSS3.1AI score0.99961EPSS
Exploits27References3
ATTACKERKB
ATTACKERKB
added 2020/05/28 12:0 a.m.77 views

CVE-2019-10149

Exim unauthenticated RCE with reports that it’s been used by Sandworm since August 2019 Recent assessments: ericalexanderorg at May 28, 2020 4:49pm UTC reported: Untested POC exists https://github.com/MNEMO-CERT/PoC—CVE-2019-10149Exim/blob/master/PoCCVE-2019-10149.py gwillcox-r7 at November 04,...

10CVSS0.5AI score0.99961EPSS
In wildExploits27References3
GithubExploit
GithubExploit
added 2019/10/27 1:3 a.m.381 views

Exploit for OS Command Injection in Exim

CVE-2019-10149 CVE-2019-10149 : A flaw was found in Exim versi...

10CVSS3.9AI score0.99961EPSS
Exploits27
GithubExploit
GithubExploit
added 2019/10/21 8:13 a.m.109 views

Exploit for OS Command Injection in Exim

CVE-2019-10149 - Exim 4.87 Local/Makefile cp eximmonitor...

10CVSS7.1AI score0.99961EPSS
Exploits27
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.1962 views

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...

10CVSS9.7AI score0.99961EPSS
Exploits27
0day.today
0day.today
added 2019/08/23 12:0 a.m.283 views

Exim 4.87 / 4.91 - Local Privilege Escalation Exploit

This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to command execution with root privileges. This module requires Metasploit: https://metasploit.com/download Current source...

10CVSS1.3AI score0.99961EPSS
Exploits27
Packet Storm
Packet Storm
added 2019/08/23 12:0 a.m.408 views

Exim 4.91 Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...

7.5CVSS0.6AI score0.99961EPSS
Exploits27
Metasploit
Metasploit
added 2019/07/04 2:2 p.m.719 views

Exim 4.87 - 4.91 Local Privilege Escalation

This module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to command execution with root privileges CVE-2019-10149. This module requires Metasploit: https://metasploit.com/download Current...

9.8CVSS1.3AI score0.99961EPSS
Exploits27
ThreatPost
ThreatPost
added 2019/06/17 3:2 p.m.227 views

Microsoft Pushes Azure Users to Patch Linux Systems

Microsoft is warning customers that some Azure installations are vulnerable to a recently-disclosed critical Linux Exim mail server flaw that is under active attack. The warning comes after a widespread worm campaign was disclosed on Friday, targeting a flaw in the Exim mail transport agent MTA,...

7.5CVSS0.99961EPSS
Exploits27References5
exploitpack
exploitpack
added 2019/06/17 12:0 a.m.241 views

Exim 4.87 - 4.91 - Local Privilege Escalation

Exim 4.87 - 4.91 - Local Privilege Escalation !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to...

7.5CVSS1AI score0.99961EPSS
Exploits27
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.602 views

Exim 4.87 - 4.91 - Local Privilege Escalation

!/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution. CVE-2019-10149 This...

10CVSS9.8AI score0.99961EPSS
Exploits27
MSRC
MSRC
added 2019/06/15 3:48 a.m.363 views

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution RCE vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS...

7.5CVSS1AI score0.99961EPSS
Exploits27
Rows per page
Query Builder