97 matches found
OSV-2025-1039 UNKNOWN WRITE in fuzz_regexp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471926738 Crash type: UNKNOWN WRITE Crash state: fuzzregexp...
ECHO-1039-B7FB-DC0C
Bulletin has no description...
CVE-2023-1039
A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index3.php of the component POST Parameter Handler. The manipulation of the argument password leads to sql...
CVE-2021-1039
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
CVE-2025-1039 Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Field
The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2025-1039
CVE-2025-1039 : Lenix Elementor Leads addon for WordPress suffers stored XSS via a URL form field in versions up to 1.8.2 due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts on pages viewed by users. Red Hat confirms the same issue unde...
CVE-2024-1039
creationtimestamp | type | source
---|---|---
2024-02-01 23:26:36+00:00 | seen | https://t.me/ctinow/177824
2024-02-24 10:11:20+00:00 | seen | https://t.me/ctinow/192523...
CVE-2024-1039 Use of Hard-coded Credentials in Gessler GmbH WEB-MASTER
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device...
CVE-2024-1039
CVE-2024-1039 – Gessler GmbH WEB-MASTER is a vulnerability in the WEB-MASTER emergency lighting management system (affected version: 7.9) caused by a restoration account that uses weak, hard-coded credentials. An attacker could remotely take control of the device’s web management (CVSS v3.1 base ...
Gessler GmbH WEB-MASTER
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Gessler GmbH Equipment: WEB-MASTER Vulnerabilities: Use of Weak Credentials, Use of Weak Hash 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a user to take...
Huawei EulerOS: Security Advisory for libtommath (EulerOS-SA-2024-1039)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-38858
Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039...
CVE-2023-1039 SourceCodester Class and Exam Timetabling System POST Parameter index3.php sql injection
A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index3.php of the component POST Parameter Handler. The manipulation of the argument password leads to sql...
CVE-2023-1039
CVE-2023-1039 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability exists in the POST Parameter Handler for /admin/index3.php, where manipulation of the password parameter enables SQL injection. The issue is exploitable remotely and has been disclosed publicly. Affected...
CVE-2022-1039
creationtimestamp | type | source
---|---|---
2022-04-20 20:25:50+00:00 | seen | https://t.me/cibsecurity/41182...
CVE-2022-1039 ICSA-22-104-03 Red Lion DA50N
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the...
CVE-2022-1039
CVE-2022-1039 is referenced across multiple sources as a weakness in the Red Lion DA50N gateway related to weak password requirements. The primary concrete details indicate that: the web UI password is weak and can be exploited over HTTP/HTTPS, enabling attackers to change other passwords; Linux ...
Red Lion DA50N
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: DA50N Vulnerabilities: Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials 2...