21 matches found
CVE-2019-11366
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, a...
CVE-2025-11366
creationtimestamp| type| source
---|---|---
2025-11-12 20:49:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5hjnuejbs2q
2025-11-13 06:02:05+00:00| seen| https://infosec.exchange/users/offseq/statuses/115540867427273284
2025-11-13 06:02:07+00:00| seen|...
CVE-2025-11366
N-central 2025.4 is vulnerable to authentication bypass via path traversal...
CVE-2017-11366
creationtimestamp| type| source
---|---|---
2025-09-17 21:00:04+00:00| published-proof-of-concept| Telegram/IechzTJqEoGzyCNt3bqa1OsFAGBEn8a-qVqD1btrcdGoLD8...
CVE-2024-11366 SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting
The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-11366
CVE-2024-11366 – SEO Landing Page Generator (WordPress)
Affected: WordPress plugin SEO Landing Page Generator up to version 1.66.2.
Vulnerability: Reflected Cross-Site Scripting (XSS) due to improper escaping in add_query_arg usage on the URL.
Impact: Unauthenticated attackers can craft links that,...
WordPress SEO Landing Page Generator Plugin <= 1.66.2 is vulnerable to Cross Site Scripting (XSS)
Software: SEO Landing Page Generator; Type: Plugin; Vulnerable versions: <= 1.66.2; Fixed in: 1.66.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11366; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 0d742f2bf7f0; Credits: vgo0...
CVE-2020-11366
...
CVE-2020-11366
CVE-2020-11366 is rejected/not used and does not represent an active vulnerability entry.
SUSE: Security Advisory (SUSE-SU-2019:14033-1)
The remote host is missing an update for the...
USN-4643-1: atftp vulnerabilities
It was discovered that atftp's FTP server did not properly handle certain input. An attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2019-11365) It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain...
Ubuntu: Security Advisory (USN-4540-1)
The remote host is missing an update for the...
USN-4540-1: atftpd vulnerabilities
Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. (CVE-2019-11365) Denis Andzakovic discovered that atftpd did not properly lock the thread list...
Debian DSA-4438-1 : atftp - security update
Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4438. T...
[SECURITY] [DSA 4438-1] atftp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4438-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4438-1] atftp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4438-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2019 https://www.debian.org/security/faq -...
SUSE SLES11 Security Update : atftp (SUSE-SU-2019:14033-1)
This update for atftp fixes the following issues: Security issues fixed: CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by ...
SUSE SLED12 / SLES12 Security Update : atftp (SUSE-SU-2019:1091-1)
This update for atftp fixes the following issues: Security issues fixed: CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by ...
CVE-2019-11366
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, a...
CVE-2018-11366
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0...