129 matches found
CVE-2025-1782
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
MiracleLinux 7 : libssh2-1.4.3-10.el7 (AXSA:2015-623:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-623:01 advisory. libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20,...
EUVD-2026-1782
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...
CVE-2021-1782
A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a...
CVE-2012-1782
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar...
CVE-2025-1782
creationtimestamp | type | source
---|---|---
2025-04-14 18:54:04+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11676
2025-04-14 19:46:18+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114338036274546789
2025-04-14 20:18:49+00:00 | seen | ...
CVE-2025-1782
CVE-2025-1782 affects HylaFAX Enterprise Web Interface and AvantFAX. The vulnerability arises from an unsanitized language form element that can be abused to include an arbitrary file in PHP code, enabling an authenticated attacker to perform actions as the web server user. The available document...
CVE-2025-1782 Unsanitized input in language form field
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
Linux Distros Unpatched Vulnerability : CVE-2015-1782
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted lengt...
Rocky Linux 8 : bind and dhcp (RLSA-2024:1782)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1782 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
RHEL 8 : bind and dhcp (RHSA-2024:1782)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1782 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named...
Oracle Linux 8 : bind / and / dhcp (ELSA-2024-1782)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1782 advisory. - Speed up parsing of DNS messages with many different names CVE-2023-4408 - Prevent increased CPU consumption in DNSSEC validator CVE-2023-50387...
AlmaLinux 8 : bind and dhcp (ALSA-2024:1782)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1782 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
CVE-2024-1782
creationtimestamp | type | source
---|---|---
2024-03-05 03:27:59+00:00 | seen | https://t.me/ctinow/199856...
CVE-2024-1782
CVE-2024-1782 concerns the Blue Triad EZAnalytics WordPress plugin. Affected versions are all up to and including 1.0, with a Reflected Cross-Site Scripting vulnerability via the bt_webid parameter caused by insufficient input sanitization and output escaping. This enables unauthenticated attacke...
WordPress Blue Triad EZAnalytics Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Blue Triad EZAnalytics
Type: Plugin
Vulnerable versions: <= 1.0
Fixed in: N/A
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-1782
Patch priority: Medium
CVSS severity: Medium (7.1)
PSID: 505430cf135b
Credits: WordFence...
Cisco FXOS and NX-OS Software Command Injection (CVE-2019-1782)
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...
Amazon Linux AMI : libX11 (ALAS-2023-1782)
The version of libX11 installed on the remote host is prior to 1.6.0-2.2.15. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1782 advisory. A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that...
EulerOS 2.0 SP11 : libksba (EulerOS-SA-2023-1782)
According to the versions of the libksba package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely f...