26 matches found
CVE-2025-12854
A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...
CVE-2020-12854
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...
CVE-2024-12854
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...
CVE-2024-12854
creationtimestamp| type| source ---|---|--- 2025-01-08 09:19:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113791990278283510 2025-01-08 10:12:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/688 2025-01-08 10:15:26+00:00| seen|...
CVE-2024-12854
CVE-2024-12854 concerns Garden Gnome Package (WordPress) where all versions up to 2.3.0 are vulnerable due to missing file type validation when extracting uploaded ggpkgs. This enables an attacker with Author+ privileges to upload arbitrary files to the server, with potential remote code executio...
CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...
Oracle Linux 9 : glibc (ELSA-2023-12854)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12854 advisory. 2.34-60.0.3 - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi Tenable has extracted the preceding...
Mageia: Security Advisory (MGASA-2019-0266)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
ALSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
CVE-2020-12854
CVE-2020-12854 affects SecZetta NEProfile 3.3.11. An authenticated remote attacker can trigger remote code execution by uploading a specially crafted JPEG as the profile avatar. This is a network-exposed vector with low authentication requirements and high impact (CVE shows high in CVSS‑3.1). Pub...
SecZetta NEProfile 3.3.11 Remote Code Execution Vulnerability
Exploit Title: NEProfile - Remote Code Execution Date: 5/13/2020 Vendor Homepage: https://seczetta.com Software Link: https://seczetta.com/product/ne-profile Version: 3.3.11 Tested on: 3.3.11 Exploit Author: Josh Sheppard Exploit Contact: ghost a t undervurse dotcom Exploit Technique: Remote CVE...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2019-2093)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-4213-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...
[SECURITY] [DSA 4507-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4507-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...
CVE-2019-12854
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...
CVE-2019-12854
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...