CVE-2019-10671

An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter...

CVE-2024-10671

creationtimestamp| type| source ---|---|--- 2024-11-21 05:40:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113519338529264658...

CVE-2024-10671 Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2024-10671 Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

WordPress Button Block Plugin <= 1.1.4 is vulnerable to Broken Authentication

Software Button Block Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10671 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ae07da220d1c Credits...

CVE-2020-10671

The CVE-2020-10671 entry concerns the Canon Oce Colorwave 500 printer (version 4.0.0.0). The web management interface is missing CSRF protections, enabling a logged-in administrator to be targeted by an attacker to perform administrative actions. The issue is described as system-wide and is noted...

CVE-2019-10671

An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter...

CVE-2019-10671

CVE-2019-10671 affects LibreNMS (through 1.47). The issue is that user-supplied input is not parameterized in SQL queries, allowing an authenticated attacker to subvert database queries and extract or manipulate data, demonstrated via the graph.php sort parameter. The vulnerability is a SQL injec...

CVE-2016-10671

The CVE-2016-10671 issue affects the mystem-wrapper; the wrapper downloads binary resources over HTTP, exposing it to MITM attacks. A malicious actor on the network could swap the requested resources with a attacker-controlled copy, potentially enabling remote code execution on the host running m...

[ASA-201802-5] sthttpd: arbitrary code execution

Arch Linux Security Advisory ASA-201802-5 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2017-10671 Package : sthttpd Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-333 Summary ======= The package sthttpd before...

mole.haynes.com XSS vulnerability

Open Bug Bounty ID: OBB-542818 Description| Value ---|--- Affected Website:| mole.haynes.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2017-10671

Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service daemon crash or possibly have unspecified other impact via a crafted filename...

CVE-2017-10671

Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service daemon crash or possibly have unspecified other impact via a crafted filename...

CVE-2017-10671

Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service daemon crash or possibly have unspecified other impact via a crafted filename...

CVE-2017-10671

CVE-2017-10671 affects sthttpd up to version 2.27.1. Heap-based Buffer Overflow occurs in the de_dotdot function in libhttpd.c, allowing remote attackers to cause a denial of service (daemon crash) and potentially other impact via a crafted filename. Upstream fixes are in 2.27.1 (as noted by Arch...