AlmaLinux 8 : fence-agents (ALSA-2026:1240)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1240 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

EUVD-2026-1240

EUVD-2026-1240...

Amazon Linux 2023 : java-25-amazon-corretto, java-25-amazon-corretto-devel, java-25-amazon-corretto-headless (ALAS2023-2025-1240)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1240 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Ja...

EUVD-2006-1245

Malware in sbrugna...

CVE-2025-1240

creationtimestamp| type| source ---|---|--- 2025-02-11 21:58:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113987492060687465 2025-02-11 22:16:06+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwopwhc4u2a 2025-02-11 23:11:59+00:00| seen|...

CVE-2025-1240

Summary: CVE-2025-1240 corresponds to a WinZip 7Z file parsing vulnerability that enables remote code execution via an out-of-bounds/write within the 7Z parser. The issue stems from insufficient validation of user-supplied data, potentially allowing code execution in the affected process. Exploit...

CVE-2025-1240 WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...

CVE-2024-1240

The CVE-2024-1240 entry applies to pyload/pyload 0.5.0, where the login flow mishandles the next parameter, enabling an open redirect to attacker-controlled sites (phishing risk). The issue is mitigated by upgrading to pyload-ng 0.5.0b3.dev79 or later. Connected documents confirm the vulnerable c...

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

RHEL 9 : postgresql (RHSA-2024:1240)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1240 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW...

Debian: Security Advisory (DLA-623-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-1240

creationtimestamp| type| source ---|---|--- 2023-03-07 12:13:29+00:00| seen| https://t.me/cibsecurity/59546 2025-03-04 19:33:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6402...

CVE-2023-1240 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1240 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1240

The CVE-2023-1240 entry covers a Stored XSS flaw in the open-source project answerdev/answer, affecting versions prior to 1.0.6. The vulnerability arises from input that is stored and later displayed without proper sanitization, enabling arbitrary script execution in affected users’ browsers. Mul...

Metasploit Weekly Wrap-Up

Taking a stroll down memory lane Tomcat Init Script Privilege Escalation Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...

Apache Tomcat On Ubuntu Log Init Privilege Escalation

This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on Ubuntu Log Init Privilege Escalation', 'Description' = %q Tomcat 6, 7, 8 packages provided by default repositories on...

Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit

This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...

CVE-2022-1240

Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the rstrncpy function. Therefore I think it is very likely to be exploitable. For more general...

CVE-2022-1240

CVE-2022-1240 affects radare2 prior to 5.8.6. The vulnerability is a heap buffer overflow in libr/bin/format/mach0/mach0.c, with the issue occurring when address sanitizer is disabled during compilation, potentially leading to exploitation via the r_str_ncpy path. Public documents explicitly desc...