19 matches found
CVE-2024-12309
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2024-12309
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2024-12309
creationtimestamp | type | source
---|---|---
2024-12-13 08:51:27+00:00 | seen | https://infosec.exchange/users/cve/statuses/113644659426186356
2024-12-13 10:45:10+00:00 | seen | https://t.me/cvedetector/12846...
CVE-2024-12309
CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2021-27245
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...
Authentication flaw
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...
CVE-2021-27245
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...
CVE-2021-27245
CVE-2021-27245 affects TP-Link Archer A7 family (A7 AC1750; Archer C7 US variants) prior to the specified V5 firmwares. Root cause: improper filtering of IPv6 SSH connections during IPv6 handling enables a firewall bypass by unauthenticated attackers, who could leverage this in conjunction with o...
CVE-2020-12309
Insufficiently protected credentials in subsystem in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access...
CVE-2020-12309
Insufficiently protected credentials in subsystem in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access...
CVE-2020-12309
Intel has published an advisory for CVE-2020-12309 noting insufficiently protected credentials in the subsystem of several Intel SSDs that could allow information disclosure with physical access. The Red Hat security note and Intel advisory enumerate affected products and required mitigations via...
Intel® SSD Advisory
Summary: Potential security vulnerabilities in multiple Intel® Solid State Drive SSD products may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVE ID: CVE-2020-12309 Description: Insufficiently protected...
Intel SSD Advisory - Lenovo Support US
No description provided...
CVE-2019-12309
creationtimestamp | type | source
---|---|---
2019-05-23 20:48:40+00:00 | seen | https://t.me/cvemitreorg/281...
CVE-2018-12309
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345...
CVE-2018-12309
CVE-2018-12309 describes a directory traversal in ASUSTOR ADM 3.1.1, via upload.cgi, allowing an attacker to upload files to arbitrary locations by modifying the path URL parameter (the filename parameter is covered by CVE-2018-11345). NVD lists CVSS v3.0 base score 7.5 (HIGH) with network attack...
CVE-2017-12309
The CVE-2017-12309 issue affects Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA). The root cause is improper input sanitization that enables HTTP response splitting by an unauthenticated remote attacker, allowing potential cross-site scripting, cross-user defac...
CVE-2009-4535
creationtimestamp | type | source
---|---|---
2009-10-23 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/9897
2010-04-20 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/12309...