14 matches found
CVE-2024-11853
CVE-2024-11853: The jAlbum Bridge plugin for WordPress (versions up to and including 2.0.15) is vulnerable to Stored Cross-Site Scripting via the ar parameter. An authenticated attacker with Contributor-level access can inject scripts that execute in pages viewed by users. A patch/upgrade to a ve...
CVE-2024-11853 jAlbum Bridge <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter
The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-11853 jAlbum Bridge <= 2.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter
The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)
A remote code execution vulnerability exists in Micro Focus UCMDB. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Metasploit Wrap-Up
MobileIron MDM Hessian-Based Java Deserialization RCE: Our very own wvu-r7 has added exploits/linux/http/mobileironmdmhessianrce, which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian-based endpoint. CVE-2020-15505...
Micro Focus UCMDB Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities that, when chained, allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can probably also be used to...
CVE-2020-11853
creationtimestamp | type | source
---|---|---
2021-01-27 15:07:52+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/microfocusucmdbunauthdeser.rb
2021-02-09 17:33:51+00:00 | seen | ...
CVE-2020-11853
Micro Focus Operations Bridge Manager and related components (including UCMDB, Data Center Automation, Application Performance Management, Universal CMDB, Hybrid Cloud Management, Service Management Automation) are affected by CVE-2020-11853. The connected sources describe a remote code execution...
CVE-2019-11853
Several potential command injection vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4...
CVE-2019-11853
ALEOS AT command interface exposes several potential command injection vulnerabilities in versions prior to 4.11.0 and 4.9.4. Connected CNVD/NVD entries confirm the issue affects ALEOS and reference affected versions; no additional exploitation details are provided in the sources. Remediation gui...
CVE-2018-11853
Lack of an out-of-range check for channels when processing the channel list set command will lead to a buffer overflow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429,...
CVE-2018-11853
CVE-2018-11853 affects Qualcomm Snapdragon/SoCs (e.g., IPQ8074, MDM9xxx, SD 4xx–8xx) where processing a channel list set command lacks an out-of-range check, causing a buffer overflow in the channel processing path. This is a local-attack, low-precision vector with potential impact on confidentia...
CVE-2017-11853
Technical details for CVE-2017-11853 (affected Windows kernel versions, root cause, impact, and fixes) are not publicly provided in the connected documents. Monitor for updates from official advisories (MSRC) and regional databases.
SuSE9 Security Update : Tk (YOU Patch Number 11853)
This update fixes a buffer overflow that occurs while processing interlaced/animated GIF images (CVE-2007-4851). This bug could be used to execute code remotely.