26 matches found
WordPress 10Web Booster plugin <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache vulnerability
Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache vulnerability discovered by shark3y in WordPress Plugin 10Web Booster – Website speed optimization, Cache & Page Speed optimizer versions <= 2.32.7...
CVE-2025-13377
creationtimestamp | type | source
---|---|---
2025-12-06 07:03:10+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115671340696966655
2025-12-06 07:03:11+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m7cgntkoys25
2025-12-06 09:53:00+00:00 | seen | ...
CVE-2020-13377
The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files...
CVE-2024-13377
creationtimestamp | type | source
---|---|---
2025-01-17 09:39:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113843027326954874
2025-01-17 09:56:19+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2114
2025-01-17 10:15:32+00:00 | seen | ...
CVE-2024-13377
The CVE-2024-13377 entry refers to the Gravity Forms plugin for WordPress, vulnerable to a Stored Cross-Site Scripting (Stored XSS) via the alt parameter in all versions up to and including 2.9.1.3. The underlying cause is insufficient input sanitization and output escaping, enabling unauthentica...
CVE-2024-13377 GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2020-13377
Summary: CVE-2020-13377 affects Loadbalancer.org Enterprise VA MAX (up to version 8.3.8). The web-services interface is vulnerable to a directory traversal flaw that an authenticated, remote, low-privileged attacker can exploit to read and write sensitive files. What’s affected: Loadbalancer.org ...
Linux/x86 - Polymorphic linux x86 Shellcode (92 Bytes)
Exploit Title: Polymorphic linux x86 nc -lvve/bin/sh -p13377 shellcode 92 Bytes Exploit Author: Eduardo Silva Tested on: Linux x86_64 SMP Debian 4.19.260-1 SLAE/Student ID: PA-31319 Webpage: https://0xnibbles.github.io/ Description: This shellcode is a polymorphic version of...
OESA-2021-1019 wpa_supplicant security update
wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key...
Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)
Exploit Title: Linux/x86 - bind shell on port 13377 Shellcode 65 bytes Date: Jan 12, 2021 Exploit Author: ac3 Version: Linux x86 Tested on: Linux x86 linux x86 nc -lvve/bin/sh -p13377 shellcode This shellcode will listen on port 13377 using netcat and give /bin/sh to connecting attacker 31 c0 xor...
Debian DSA-4538-1 : wpa - security update
Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplicant (station) and hostapd (access point). - CVE-2019-13377 A timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves could be used by an attacker to retrieve the password. -...
Debian: Security Advisory (DSA-4538-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4538-1] wpa security update
Debian Security Advisory DSA-4538-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 29, 2019 https://www.debian.org/security/faq -...
Fedora 30 : hostapd (2019-97e9040197)
Update to version 2.9 from upstream Security fix for CVE-2019-13377 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2019-13377
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel...
BELL-CVE-2019-13377 CVE-2019-13377 does not affect BellSoft software
Bulletin has no description...